Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros

According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

Real question

Who uses GnuTLS over OpenSSL anyway?!

Re:Real question

[GPLHost-Thomas]

Anyone who can't get into the trap of the OpenSSL non-advertising licensing issue which is not compatible with the GPL license.

Re:Real question

[MightyYar]

In my ports tree:
        audio/ario
        audio/pianobar
        deskutils/fusenshi
        deskutils/taskd
        deskutils/taskwarrior
        devel/gwenhywfar
        devel/gwenhywfar-fox16
        devel/gwenhywfar-gtk2
        devel/gwenhywfar-qt4
        devel/librelp
        devel/libvirt
        editors/abiword
        editors/emacs
        editors/emacs-nox11
        emulators/qemu
        emulators/qemu-devel
        ftp/filezilla
        ftp/wput
        ftp/wzdftpd
        games/pokerth
        irc/bitlbee
        irc/ctrlproxy
        irc/weechat
        japanese/jd
        lang/gnustep-base
        mail/anubis
        mail/claws-mail
        mail/libvmime
        mail/xfce4-mailwatch-plugin
        multimedia/ffmpeg
        multimedia/libav
        net/csync2
        net/glib-networking
        net/gtk-vnc
        net/morebalance
        net/net6
        net/remmina-plugin-vnc
        net/samba4
        net/samba41
        net/sixxs-aiccu
        net/tigervnc
        net/vino
        net-im/gloox
        net-im/jabber
        net-im/loudmouth
        net-p2p/gtk-gnutella
        net-p2p/ncdc
        news/nzbget
        security/gnomint
        security/gsasl
        security/libprelude
        security/libpreludedb
        security/openvas-libnasl
        security/openvas-libraries
        security/openvas-plugins
        security/prelude-lml
        security/prelude-manager
        security/py-gnutls
        security/shishi
        sysutils/heartbeat
        textproc/iksemel
        www/gurlchecker
        www/hydra
        www/mod_gnutls
        www/wwwoffle
        www/xombrero
        net-im/jabber.el
        editors/emacs-devel
        multimedia/vlc

And some linux ports of Acrobat Reader and CUPS libraries. There is also a module for Apache.

Re:Real question

Correction, who uses GPL over BSD anyway?!

Re:Real question

[Aethedor]

Not GnuTLS, but PolarSSL. Reason for moving away from OpenSSL is because of it's horrible documentation. Or, better said, the lack of any documentation. Tried to implement SNI support in my open source web server (Hiawatha http://www.hiawatha-webserver....), but there was no proper documentation or example code available. With PolarSSL, it was done within a day. All other SSL features were implemented in a more cleaner way. No ugly callback stuff. Even with the OpenSSL 1.0.0 release some time ago their documentation was still incomplete. I seriously don't now how to take a piece of software (specially libraries) serious with proper and complete documentation. I believe proper documentation and support is even more essential to software than code quality.

Re:Real question

Sadly, hardly anyone. And ith will be free software's undoing.

Kids these days take too much for granted

Re:Real question

[Wootery]

Well, there is this one crazy project.

Re:Real question

[OneAhead]

Not all of these will manifest the flaw in an easily (or remotely) exploitable way. Taking a very lazy glance at the list, samba, the apache module and hydra could of course be a problem, and the ones in mail/ too. Still a serious issue.

Re:Real question

Actually, the real question is why this is showing up as news on Slashdot?

For a start, it's old, has been discussed many times, including here. In addition, it has little impact on most distros, and was patched in all of them within hours of being identified.

So, who's paying to get a story like this on Slashdot's front page, and why are they doing it now? I'm guessing a major commercial vendor is about to have a vulnerability exposed, and wants to poison the well for competitors. Any guesses on who it is?

Re:Real question

They're desperate for cash...

Over the past year, Dice Holdings, Inc. (DHX) has declined 27.82% and underperformed the S&P 500 by over 50%. When comparing this to a bucket of companies in the same industry like Monster Worldwide (MWW), Adecco (OTCPK:AHEXY), Randstad (OTCPK:RANJF), Manpower Group (MAN) and Paychex (PAYX) they have outperformed somewhere between 45%-80% over the past year.

Re:Real question

Score:2, Troll

what??

It's time

[Ol+Olsoc]

This if nothing else, should show everyone it's time to switch to Windows, the OS immune to exploits.

Re:It's time

[INT_QRK]

Mod + 5 "Freakin' Hilarious!"

Re:It's time

The bug is cross platform...

And yet...

Even if the distribution doesn't provide the update as quickly as desired...

The site can get the update directly from the project and apply it themselves.

Re:And yet...

[GPLHost-Thomas]

Please define "as quickly as desired". Debian was fixed on the 3rd of March which is the date of the Debian Security Advisory, that's pretty quick to me. I wonder exactly why this article pops up now, when it's been a long time we've been all patched.

Re:And yet...

"Issuing a patch from the distro" =/= "all systems patched in the wild, in tens of thousands of nodes across dozens of data centers around the world."

For all the speed with which Debian rolled out a patch, it'll still be months or years before this patch makes it into the wild on all the systems it's being used on.

Re:And yet...

The flaw you just described is cross-platform ;)

Re:And yet...

[Temkin]

Ok, the major "workstation" & server distro's patched. How about the embedded distro's? OpenWRT? DD-WRT? Do you run OpenVPN on your router? Does it even depend on GNUtls?

How about the hundreds of other embedded distro's? Bank ATMs?

Re:And yet...

[houstonbofh]

For all the speed with which Debian rolled out a patch, it'll still be months or years before this patch makes it into the wild on all the systems it's being used on.

When you show me the OS that has a patch for idiot, lazy or incompetent operators, I will buy you a beer.

Re:And yet...

[houstonbofh]

Forget openwrt... How about all the ISP provided "Firewalls" that are total garbage, have one password, and can not be updated?

Re:And yet...

I'd wait until the patch was deployed before buying the beer. Just sayin'.

Re:And yet...

Pretty obvious from Timothy's final comment that he thinks Linux people must be retarded because they don't shell out the cash for iShiny shite.
Equally obvious that he just don't get Linux and how we operate (or why for that matter)

Old news

[David+Jao]

This is quite old news, why is slashdot only picking up on it now?

The impact of this bug does not compare to the goto fail bug. Most Linux distributions use OpenSSL for TLS. Even if a program links to GnuTLS, it may not use GnuTLS for certificate validation, and if it doesn't, then it's not affected by this bug (one example is Google Chrome). It's not like iOS where everything is required (by App Store rules) to use SecureTransport.

Re:Old news

[postbigbang]

It indeed is the same level as the bug Apple fixed. Plentiful access methods are hinged on this lib and code.

It's non-trivial, and affects clients and servers in a wide breadth. Yes, were you watching, you'd have upgraded to fixed versions. Too many, however, don't know the difference between a CVE and a live hand grenade. Or they weren't watching. Same vulnerability result.

Re:Old news

[ganjadude]

its a timmy post...

"Linux" refers to a broad range of systems and vendors, rather than a single company,

really? this is /. timmy, get with the program, everyone knows this because THIS YEAR will be the year of linux on the desktop

Re:Old news

[swillden]

This is quite old news, why is slashdot only picking up on it now?

Slashdot picked it up on March 4th, actually. This is a dupe.

The impact of this bug does not compare to the goto fail bug.

Agreed.

Re:Old news

[Sipper]

Most Linux distributions use OpenSSL for TLS. Even if a program links to GnuTLS, it may not use GnuTLS for certificate validation, and if it doesn't, then it's not affected by this bug (one example is Google Chrome). It's not like iOS where everything is required (by App Store rules) to use SecureTransport.

Another (non-issue) example is MTA (email) transfers; typically on Linux systems MTAs such as Exim use GnuTLS for TLS transfers, but purposely don't do certificate verification (but can be specifically configured to do so).

This is still a serious security issue for anything that does use GnuTLS for certificate verification of course, but off the top of my head I don't have a specific example of where this is done on the Linux platform. [There probably is an example to be found somewhere though.]

Re:Old news

[c4t3l]

What is even funnier is that "one of the biggest names in the Linux world, "RedHat"" fixed the damn bug the day before the original article was published... Nice try idiots (read Ars Technica)...

Re:Old news

[rubycodez]

you are silly, it's already been patched and moreover the gnu crap isn't widely used on web connected servers.

it's a non-issue

Re:Old news

For several years, OpenSSL had no support for virtual hosts. This would have lead to many smaller multi-site servers using GnuTLS. While the feature has been added to OpenSSL, web servers are rarely running the latest and greatest.

Re:Old news

[maccodemonkey]

It's not like iOS where everything is required (by App Store rules) to use SecureTransport.

It's worth noting there is 100% no such rule. There is no app store rule enforcing any certificate validation or networking technology. Almost all the app store rules these days are around content, not technical implementations. The only technical rule I can think of off the top of my head is no using private functions in Apple's libraries, which is a no brainer.

OpenSSL is widely used, and in fact has it's own section in Apple's documentation acknowledging so. From TFM:
"Further, although OpenSSL is commonly used in the open source community, it does not provide a stable API from version to version. For this reason, the programmatic interface to OpenSSL is deprecated in OS X and is not provided in iOS. Use of the Apple-provided OpenSSL libraries by apps is strongly discouraged.

To ensure compatibility, if your app depends on OpenSSL, you should compile it yourself and statically link a known version of OpenSSL into your app. Such use works on both iOS and OS X."

The More You Know(TM).

Re:Old news

Open SSL provides a library.

Why should it make any difference if it is used on a virtual host?

Re:Old news

[hydrofix]

This is quite old news, why is slashdot only picking up on it now?

Slashdot did pick it up earlier already when it was first announced. So it's a dupe, really.

Re:Old news

[neiras]

This is a dupe. We saw this on slashdot weeks ago.

Re:Old news

[BasilBrush]

"The GNU crap". :-)

It's amazing how quite the FOSS community will throw Stallman under the bus, if the alternative is accepting parity with Apple's security bug.

Re:Old news

[David+Jao]

You missed one major technical rule: all browsers on iOS that support local rendering are required to use the system rendering engine.

Re:Old news

[maccodemonkey]

You missed one major technical rule: all browsers on iOS that support local rendering are required to use the system rendering engine.

Yeah. To Google and Mozilla, this is probably a big deal. To a developer? As long as the content runs, it doesn't really matter. I've never really found an instance where I'm going "Gee, I really wish I was able to embed Chrome here."

It is a little frustrating UIWebView on iOS doesn't have all the DOM editing/inspection functions that WebKit on the desktop has, but it is pretty flexible and customizable. In relation to the original article, you can even override the connection functionality and probably override any certificate validation.

Apple's approach is also relevant because by making everyone use the same web engine from the same dylib, Apple can patch security problems in everyone's apps without having apps have to update one by one. It's likely why they have this rule in place.

Re:Old news

There are plenty of people in the "FOSS community" (if such a thing even makes sense) who hate RMS for reasons unrelated to anything to do with Apple.

Re:Old news

Apple's approach is also relevant because by making everyone use the same web engine from the same dylib, Apple can patch security problems in everyone's apps without having apps have to update one by one. It's likely why they have this rule in place.

If that were the case, then why would they allow bundling any library that might potentially have security issues, like say OpenSSL?

Re:Old news

[dgatwood]

You missed one major technical rule: all browsers on iOS that support local rendering are required to use the system rendering engine.

Actually, no, I'm pretty sure they're just not allowed to use any JavaScript engine other than the built-in JavaScriptCore. And as of iOS 7, it's theoretically possible to actually do so without using WebKit.

Re:Old news

[Gunstick]

I checked. Running linux on the desktop since 16 years.
So yeah, no news for me.

There will be no linux on the desktop, because the desktop dissapears. But there is already linux on the smartphone, if you say it's unix on the smartphone, then there are even more... and add all tablets into the mix.

Slow weekend over at Ars?

[Zontar+The+Mindless]

My distro patched this over a month ago.

Re: Slow weekend over at Ars?

Not Ars's fault: "by Dan Goodin - Mar 4, 2014 6:56 pm UTC"

Re: Slow weekend over at Ars?

[Zontar+The+Mindless]

Heh, I might have known. Same day that openSUSE issued their patch, even.

Re:Slow weekend over at Ars?

[thoth]

Slow weekend at Ars? Had you actually looked at the Ars article, you may have noticed it was from one month ago, March 4 2014.

The fact it's here now (and is also a dupe of a previous article here) reflects more on Slashdot and its submitters and editors, than Ars.

Re:Slow weekend over at Ars?

[Zontar+The+Mindless]

Had you actually read this thread, you'd have seen that the article date has already been brought up, and I've already taken note of same. But, hey, thanks for playing.

Re:Slow weekend over at Ars?

Zontar's "touched in the head" by schizophrenic multiple personality disorder http://slashdot.org/comments.p... and manic depression http://slashdot.org/comments.p... now go take those meds, you whacko!

There are rumours...

[gnasher719]

that Apple took notice of some accusations that the NSA managed to modiy some open source codebases, reviewed all code that was checked in at about the suspicious time frame, and found the "goto fail" bug that way. No idea whether this is true, but I'd be curious who checked in this bug.

Re:There are rumours...

[Megol]

There are also rumors that all the worlds leaders are reptilians.

Re:There are rumours...

[swb]

You misspelled "suppressed truth".

Re:There are rumours...

[INT_QRK]

Yep. That one's true, by the war.

Re:There are rumours...

[rastos1]

You mean lizards, right?

Ha!

Funny :) I suppose we should switch all of our web-servers to IIS too?

Re:Ha!

[Cenan]

Of course you blithering idiot, why do you think we have all this bloat lying around, if not for your protection?

Re:Ha!

[rubycodez]

and the blue screening of classic windows provides a hard shield against any rogue processes owning the machine for too long

Re:Ha!

Funny :) I suppose we should switch all of our web-servers to IIS too?

Duh...Sharepoint!

People use GnuTLS?

[aleph]

Is anyone other than Debian zealous enough to use GnuTLS?

I rarely agree with Howard Chu of OpenLDAP fame, but... http://www.openldap.org/lists/...

Re:People use GnuTLS?

On my Fedora 18 system, the only thing that rpm shows needing GnuTLS is OpenConnect, and I don't use it, nor do I know how popular it is.

Re:People use GnuTLS?

[neiras]

Hey! I got the karma for posting that link in the first article, you... you... karma whore! ;)

Re:People use GnuTLS?

Hey jackass, guess what? OpenSSL is in Debian, too. Patched packages for the GnuTLS bug were also released by the Debian security team extremely quickly. Get over yourself.

Near Zero Impact

[marienf]

> Most Linux distributions use OpenSSL for TLS.
> Even if a program links to GnuTLS, it may not use GnuTLS for certificate validation,
> and if it doesn't, then it's not affected by this bug (one example is Google Chrome)

Agree. I've ran through everything that linked to gnutls on my distro (Arch) and although there's
quite a lot of binaries that do, most of those do not offer TLS connections (or any network connectivity at all), so my
guess (without knowing GNuTLS at all) is that they use some other feature offered by the library.

Of those that I know actually capable of SSL/TLS connections, all (also) link to OpenSSL.

So without making a definitive statement, AFAICT this should have near zero impact on GNU/Linux.

Re:Near Zero Impact

so my guess (without knowing GNuTLS at all) is that they use some other feature offered by the library.

Probably because just like OpenSSL it provides implementations of hash functions (MD5 SHA1 etc), private key algorithms etc
http://gnutls.org/manual/gnutls.html#Using-GnuTLS-as-a-cryptographic-library

Re:Near Zero Impact

Check the arch reverse dependencies - wget might be impacted. Pretty much nothing else that's popularly used is affected. As others have said, fortunately, this was patch last month.

Stop using GNU TLS

And use OpenSSL. As awkward as it may be, it doesn't have the design flaws that GNU TLS does.

Re:Stop using GNU TLS

OpenSSL's code is even more of a pile of indirected multiply abstracted crap than GNU TLS. Frankly both need to be refactored in separately and parallel for maximum simplicity and security.

(CAPTCHA: entrap ;-) )

Re:Stop using GNU TLS

[aleph]

OpenSSL is far far from great (the API, my eyes, they burn! don't get me started on openssl error codes/messages), but it's not quite the steaming pile of something smelly GnuTLS is.

Although it has improved somewhat over the past few years, at least on the "other SSL clients will actually interoperate" side of things.

Re:Stop using GNU TLS

[wiredlogic]

You should poke through the OpenSSL code some day. It's pretty stinky.

What the hell is this, timothy?

Are you trolling for an Apple-vs-Linux flame war? do you have a zealous attachment to Apple? or are you just dull?

1) This is old news, and the /. has already reported on it;

2) Hardly anything uses the GNU TLS library, and for the same reason people have been advising against Apple's rewrite of security libraries: because it's better to use something that's had over a decade of development and review and is widely deployed across a series of platforms;

3) You're arguing about the heterogeneity of the Linux platform as if it's a bad thing, while in fact this acts in Linux's favour. Even though the GNU project might like people to use gnutls, distros have chosen not to. Apple either discourages choice or makes it impossible, depending on what exactly you're targeting, which is why everything was affected.

Re:What the hell is this, timothy?

[sirlark]

And what's this saying that heterogeneity of the Linux world will make fixing it more difficult? Fix it upstream, and most distros, and ALL the major ones will have it out a s a security update in less than a week.

yep, it is old news - already fixed in most Linux

[mpb]

Fixed at the beginning of March.
Example: http://advisories.mageia.org/MGASA-2014-0117.html

"Nothing to see here. Move on."

If GNUTls is unneeded, then create a NO-OP library

[Marrow]

Create a library with that name that does nothing, or logs errors for any entry points. Why is something being shipped that is insecure. I understand that the builds have to be changed. But the library could be replaced with a skeleton right now, can't it?
And maybe we would see that its not quite as in-active as people think.

Nonsense

[K.+S.+Kyosuke]

"Linux" refers to a broad range of systems and vendors

Actually, Linux refers to the operating system kernel which has nothing to do with GnuTLS. (Wow, someone actually uses GnuTLS?)

Re:Nonsense

[Bengie]

"Linux" refers to whatever people want it to refer to. Language is decided by the majority and you're the minority, meaning you're using it incorrectly.

Open source can't be patched?

[tomhath]

From the Really Bad Submission:

And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

Gee. it sure is a problem that Red Hat, Debian, or Ubuntu couldn't just, you know, fix the bug and recompile the source code. Oh wait, they already did

FTFA

GnuTLS developers published this bare-bones advisory that urges all users to upgrade to version 3.2.12. The flaw, formally indexed as CVE-2014-0092, is described by a GnuTLS developer as "an important (and at the same time embarrassing) bug discovered during an audit for Red Hat." Debian's advisory is here.

Re:Open source can't be patched?

[exomondo]

Gee. it sure is a problem that Red Hat, Debian, or Ubuntu couldn't just, you know, fix the bug and recompile the source code. Oh wait, they already did

I think the point TFS is trying to make is that GnuTLS maintainers can't just fix the issue and push the fix to end users, it has to go through the vendors first. The same PITA issue that Android users have with OS updates having to go through carriers where sure the tech-savvy minority that happen to know about it can chase down the fix, recompile and re-install their systems but the vast majority of people can't and so are exposed to vulnerabilities for a much longer time.

NO LONGER AN ISSUE

This is a problem only where sysadmins don't regularly update their systems.
It's Okay, boys: this is FIXED already.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

Create a library with that name that does nothing, or logs errors for any entry points. Why is something being shipped that is insecure. I understand that the builds have to be changed. But the library could be replaced with a skeleton right now, can't it?
And maybe we would see that its not quite as in-active as people think.

There are two distinct part of SSL/TLS; encryption and authentication. In this case it's only the authentication portion that has an issue, not the encryption portion. There are several places in which GnuTLS is used for encryption but not authentication such as MTA (email) transfers over TLS (at least most of the time).

As for why GnuTLS exists, AFAIK it's mainly because of licensing issues -- compiling a GPLv2+ program against OpenSSL gets into licensing troubles, so there needed to be a GPL compatible alternative.

Only when

You pay 5.5 billion for a supprt contract for XP

Re:Trust No One

That's why I use semaphore code, no freaking computers for me, as I couldn't investigate the hardware AND software myself, and, as you say, trust no one. But I CAN trust my semaphore flags. I sometimes use morse code, but I'm not sure if there are any bugs in the transmission of it.

Re:Trust No One

[mark-t]

The difference is that with closed source, the only exploits that are discovered by third parties and get fixed are those that have already been exploited, and already resulted in vulnerable systems.

With open source, exploits can potentially be discovered and reported by other parties *before* the exploit has actually ever been used, meaning that a fix is available at the same time that the exploit becomes public knowledge, and anyone who updates as soon as such an exploit becomes known has a higher level of confidence that their system will have not yet been compromised. The very fact that open source may also make it easier for a third party to find a way to exploit a previously unknown vulnerability also makes it easier for a third party to take action that will lead to the issue being corrected.

With open source, such critical bugs can and actually *will* be fixed, a sufficiently technically competent individual could even do so themselves, where with closed source, absolutely everyone is at the whim of the development team's schedule.

Re:Trust No One

[Arker]

Free/Open code is a necessary but not sufficient condition for security.

Welcome to the New World Order

This will be the last post you ever make. The black helicopters will swoop you up and take you to the area 51 where aliens will perform experiments on you on the set where they faked the moon landing.

And lmfao, the captia was "abortion"!

Re:Welcome to the New World Order

[Immerman]

Who said anything about aliens? The reptilians are actually an earlier sentient species of Earthling, driven underground by the asteroid impact that ushered in the extinction of the dinosaurs. They're only meddling in primitive Human politics to keep us from interfering with their space program.

Re:Welcome to the New World Order

[geminidomino]

When they're not entering into eeeeebil same-sex relationships with their deceptively mousey ninja-housemaid hybrids...

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

There are two distinct part of SSL/TLS; encryption and authentication. In this case it's only the authentication portion that has an issue, not the encryption portion.

Unauthenticated public key encryption is useless against an active attacker (one able to modify traffic, rather than just eavesdrop on it).

There are several places in which GnuTLS is used for encryption but not authentication such as MTA (email) transfers over TLS (at least most of the time).

Huh? Even for SSMTP, certificates can -- and must! -- be checked.

Editor's "editing"

[oldhack]

And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

Now, who was this comment for? Half the stories generate complaints about obcure acronyms and lack of context in the summary, but you manage to throw that in?

Re:Editor's "editing"

I agree. Even if this is a problem for many distros, it still only gets fixed in one place and the distros pick up the fix.

Wow, that made it seem 10 times worse, thanks!

[Marrow]

Yes its used, but only sometimes. Only for that mail stuff, and hey maybe only if someone else is handling authentication because we know thats broken. And we need the stuff there for legal reasons and we need it there as an alternative. Just in case we need to use it, even though we know its broken.

So tell me, why cant we have the parts we know are insecure issue a log each time they are run?

Re:Wow, that made it seem 10 times worse, thanks!

[Sipper]

So tell me, why cant we have the parts we know are insecure issue a log each time they are run?

I understand what you're trying to get at; you'd like to have a log of the failure. However unfortunately that wouldn't tell you what you needed to know in this case; if you did have logging on this, the result you'd get would be "client authenticated" even though it was possible that the authentication actually didn't succeed. :-(

The unfortunate truth is that software bugs happen, and bugs that report success are harder to find than bugs that cause a failure.

Re:Wow, that made it seem 10 times worse, thanks!

You appear to be quite confused.

Re:Trust No One

[Lawrence_Bird]

The difference is that with closed source, the only exploits that are discovered by third parties and get fixed are those that have already been exploited, and already resulted in vulnerable systems.

This is an unprovable statement. You have no idea how many exploits are discovered by the authors or those in charge of maintaining closed code nor how many of those are fixed.

What your statement really is saying is that the only publicized exploits are those found by third parties. And this is, for the most part, the same with open source code.

With open source, such critical bugs can and actually *will* be fixed,....

Eight years later? And this in code needed for security. Are you saying my confidence in open source code review should be increased now?

Re:Trust No One

[serviscope_minor]

This story should prove once and for all that ... "open source" does not provide any different level of security than closed source.

Um how? It proves that OSS is not perfect. No one ever claimed otherwise. An isolated incident proves nothing about the reltive security of the two.

OpenBSD (OSS) has had a couple of security flaws over the years. Windows 95 also had "some". Doesn't mean they're equally secure.

xubuntu seems patched

[Marrow]

libgnutls26:amd64 2.12.23-1ubuntu4.2

zless /usr/share/doc/libgnutls26/changelog.Debian.gz

gnutls26 (2.12.23-1ubuntu4.2) saucy-security; urgency=medium

    * SECURITY UPDATE: certificate validation bypass
        - debian/patches/CVE-2014-0092.patch: correct return codes in
            lib/x509/verify.c.
        - CVE-2014-0092

  -- Marc Deslauriers Mon, 03 Mar 2014 14:14:00 -0500

Re:Trust No One

[mark-t]

EIght years is better than never.

This bug was fixed the same day that it became public knowledge. Unless the bug was discovered by the internal team, this will never be case with closed source.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

There are several places in which GnuTLS is used for encryption but not authentication such as MTA (email) transfers over TLS (at least most of the time).

Huh? Even for SSMTP, certificates can -- and must! -- be checked.

I think you mean ESMTPS. And no, usually TLS certificates are not checked by default (they can be, optionally); many TLS certificates used for ESMTPS are not signed by a CA, so there's nothing to check them against. There's also a new DANE protocol where domains that are using DNSSEC can specify TLS certificate details for mail in the DNS record for the domain, but this is currently not popular (supposedly only about 20 domains are using it). Other issues with this are that a number of DNS servers haven't implemented DNSSEC, and a number of MTAs haven't implemented the DANE protocol either.

And we don't want the situation where mail domains have to have thier TLS certificate signed by a CA, because that gets back into the mess of "which CAs are trustworthy" for mail purposes, paying fees for SSL certificate signatures, and so on. It's better to at least have encrypted email transfers than to only allow encrypted transfers from authenticated senders.

Re:Trust No One

Maybe it just prove that you should use the tested variant even if you don't like the license. Most people use openSSL and even gnuTLS was fixed before it hit the news (a month ago). If it proves something, it proves that some people are too ideologically entrenched. There is really good and reviewed stuff out there and then come the GPL evangelists, writing stuff again and a little bit different just to make a point and sometime a little bit too different.

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

It's better to at least have encrypted email transfers than to only allow encrypted transfers from authenticated senders.

Better in what sense? Without authentication MITM attacks are trivial, making the encryption irrelevant.

If what you say is true (and it probably is) then the state of e-mail security is even worse than I thought it was. Most mail providers don't support TLS anyway, but without authentication it doesn't really matter if they do.

Re:Trust No One

It's not a question of "liking" the licence, it's a question of legally being allowed to use it or not.

Open Source commercial

[peppepz]

And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

And thanks to the LGPL license of GnuTLS, all the users have the possibility to upgrade their systems, independently of whether Red Hat, Debian, Ubuntu, Apple, Microsoft believe that maintaining those systems is still commercially convenient or not. GPLv3 would be better, as it would give the users the warranty of being able to actually install the updated code into their devices, which is important for non-PCs.

Re:Trust No One

I prefer Aldis Lamps. They're quite versatile - we just did a performance of Julius Caesar with them.

WoW Just in time for April 8th

I'd hate to think some people are being bankrolled to vilify Linux just as Windows XP is dumped and new operating systems are under consideration.

What a coincidence given this is old news, patchable and SSL'able. How cynical of me.

Trolling timothy

And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

What a trolling comment. Each Linux distro is an OS in its own right. Red Hat, Debian and Canonical can also readily fix a bug in their distros and have a good record of releasing fixes fast when it comes to security issues.

March != April

[Just+Brew+It!]

Looks like someone can't tell the difference between "March" and "April". Hint: "April" is the one that starts with an "A".

The major distros posted patches for this flaw to their repositories within a day or two of it being made public. (Not to say that it isn't embarrassing for stuff like this to make it into the codebase; but at least it was fixed quickly once it was discovered.)

I researched into this and OpenSSL' bugs, and..

The GnuTLS bug is freakishly easy to exploit. The OpenSSL bug at least requires you to modify your code to exploit the bug. This one is almost work-free.

If the same bug appears on OpenSSL, I would immediately disable all SSL related applications.

Thank god nothing uses GnuTLS...except aptitude.

(I am a security researcher who spent a day or 2 researching these 2 bugs)

Microsoft PR Fail

[darkonc]

I don't mind the heads-up about a little-used piece of Gnu software (as pointed out, most distros push OpenSSL), but I do mind astro-turfing the Microsoft PR line of "Nobody's responsible if Linux fails!"

The irony, of course, is that most people haven't read Microsoft's EULA which effectively says 'Not only are we not responsible if Windows fails, but we'll sue you if you try to fix it yourself.'

This is really gonna bite the hundreds of millions running XP who will be orphaned this year when Microsoft stops supporting it. Not only do they face the prospect, in a matter of weeks, of never again seeing security updates from Microsoft, but it will be illegal to even try to fix future bugs themselves (or hire a third party to do it).

This last bit is something that Linux users have as a right

Re:If GNUTls is unneeded, then create a NO-OP libr

[Xylantiel]

MITM requires active interception to eavsdrop, wheras an unencrypted connection is vulnerable to passive eavesdropping. That is the sense in which an encrypted but not properly authenticated connection is "better". Also if the ID of the offered certificate is logged it is possible to audit for a MITM attack after the fact. According to Snowden, the NSA can crack 1024 bit certs' private keys. So really even properly verifying the cert is not secure depending on who your adversary is.

Linux is not an Operating System

[therealprologic]

Can we please stop refereing to Linux as if it's an Operating System!? We properly call Apple's Operating System OS X and their mobile variant iOS. We don't call it Darwin now do we? Come on guys! Get it right. This affects RHEL, CentOS, Debian, Ubuntu, Arch, CRUX, etc, etc and anyone else that happens to use the GNU TLS Software in question. Which brings me to another point... What is the software here that's actually affected? gnupgp?

Re:Linux is not an Operating System

[philip.paradis]

GnuPG implements RFC4880. See also the OpenPGP alliance. GnuTLS implements SSL, TLS and DTLS. See also OpenSSL and PolarSSL.

Your userland software may or may not link against GnuTLS. It's probably more likely to link against OpenSSL.

It's important to understand the mechanisms involved with software that provides facilities for securing information both locally and in transit to others. It's nearly as important to do a bit of research on said mechanisms before engaging in discussions on them.

goto

Just try to write an assembler program without using a goto: B R12

Re:goto

1) No-one on this thread has criticised the use of goto in the first place, so you don't need to jump in and defend it.
2) Neither this nor the Apple bug have anything to do with the use of goto - in both cases the code happens to use goto, but both the errors could still have occurred without it.
3) The arguments against using goto are to do with code maintainability, which by some strange coincidence is also why very few people write programs in assembly language these days, so using assembly to defend goto isn't a very effective argument.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

If what you say is true (and it probably is) then the state of e-mail security is even worse than I thought it was. Most mail providers don't support TLS anyway, but without authentication it doesn't really matter if they do.

Actually it's quite common for email providers to support TLS transfers today. And the reason I think that's true is that one isn't required to purchase a CA-signed certificate to get that working. If we all had to purchase a CA-signed certificate, I think it would become more rare to see TLS transfers to/from privately-held servers.

If you look at the mail headers for email you receive, you're likely to find "smtps" or "esmtps" in the Received: lines which indicates that it was sent via a TLS transfer. Most mailing list traffic is often done without TLS, though there are exceptions -- Debian's mailing lists still use TLS transfers, which is good.

routers, package management, vpn

[merriam]

Generally you're right to point to router security, but I don't think it's relevant here. Router software package installation -- where you might think you want tls to fetch the package safely -- should be using package signatures rather than relying on tls.

Article writer Dan Goodin missed this point in his first draft. He thought he had a story, and failed at the fact-checking stage.

Would you rely on X.509 for a vpn? The implementation is irrelevant.

ATMs, no. Web banking really does have a problem, and it's much bigger than bugs in tls.

I think David Jao and others are right, and this is not news.

Re:Trust No One

[exomondo]

This bug was fixed the same day that it became public knowledge.

What do you mean "public knowledge"? The code was always there, the bug was always "public knowledge". I think what you really mean is "responsibly disclosed" which also happens regularly in closed-source software.

Re:Trust No One

[mark-t]

The code was always public knowledge.. the bug itself was still unknown until its discovery last month. With closed source, the only way to find a bug is by seeing it happen in a live running instance, while with open source bugs can also be discovered by individuals through inspection of the code itself.

Also, with open source, a programmer or programming team can effect the necessary fixes themselves if they are unsatisfied with the speed of the software development team, while with closed source, absolutely everyone must wait for the software's dev team to address the issue.

Re:Trust No One

[exomondo]

The code was always public knowledge.. the bug itself was still unknown until its discovery last month.

Unknown to who? Everybody? You really think responsible disclosure is unique to closed source software? It isn't.

Also, with open source, a programmer or programming team can effect the necessary fixes themselves if they are unsatisfied with the speed of the software development team, while with closed source, absolutely everyone must wait for the software's dev team to address the issue.

Yeah nobody disputed that, you're getting confused.

Re:If GNUTls is unneeded, then create a NO-OP libr

[dkf]

MITM requires active interception to eavsdrop

It's not like it's impossible to have toolkits for making active interception nearly trivial to do (provided you've got the hardware to run it on) and if you're thinking about ISPs or governments as the attackers, they've got access to the sorts of hardware which can run active interception on a massive scale.

Your main defence against them is that your life is very boring and ordinary and they don't give a shit about you. It's the other major group of attackers — plain old criminals who want to steal your money or your identity — who you're really protecting against.

lots of code...

...lots of bugs.

The X509 directory for openssl contains 25k lines of C code.
GnuTLS has 35k lines of C.

parsing X509 is a mess, so I expect a lot more bugs... it's not paranoia, just that lots of code mean lots of bugs... and bugs are easy when coding in C....

But but

[sproketboy]

Oracle installs the Ask toolbar!!!!!!!!!!!!!!

Oh, *those* bugs

[whitroth]

The ones that were fixed by the updates for all RHEL-derived distros, like CentOS, a month ago?

                  mark

Old news

[rafjaimes]

Wow who submitted this? This is over a month old and was already on slashdot when it was breaking. Everyone should be patched by now.

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

And the reason I think that's true is that one isn't required to purchase a CA-signed certificate to get that working. If we all had to purchase a CA-signed certificate, I think it would become more rare to see TLS transfers to/from privately-held servers.

I think you're arguing that would be a bad thing, but in reality it'd be a nearly-irrelevant thing. Without authentication, encryption protects only against the most casual of snoopers, most of whom wouldn't be able to sniff the packets anyway.

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

MITM requires active interception to eavsdrop, wheras an unencrypted connection is vulnerable to passive eavesdropping.

Yes, of course. However, in practice the set of real-world circumstances in which an attacker manages to get sufficient physical access to eavesdrop without also getting sufficient physical access to perform active attacks are vanishingly small, at least in the wired networking space. For wireless it's different, of course (assuming there's no link-layer encryption applied), but inter-MTA transfers are almost never wireless.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

And the reason I think that's true is that one isn't required to purchase a CA-signed certificate to get that working. If we all had to purchase a CA-signed certificate, I think it would become more rare to see TLS transfers to/from privately-held servers.

I think you're arguing that would be a bad thing, but in reality it'd be a nearly-irrelevant thing.

No. The word "reality" doesn't apply here, because what you're describing isn't what's being actually done for SMTP.

Without authentication, encryption protects only against the most casual of snoopers, most of whom wouldn't be able to sniff the packets anyway.

No, but I understand why you'd think this, as it seems to be a common misconception. If you have a specific example to illustrate this case, that would help.

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

No, but I understand why you'd think this, as it seems to be a common misconception. If you have a specific example to illustrate this case, that would help.

MITM attack.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

No, but I understand why you'd think this, as it seems to be a common misconception. If you have a specific example to illustrate this case, that would help.

MITM attack.

That's not a specific example related to TLS or encryption, it's a vague attack classification. The reason I'm asking the question is to find out if there is an actual issue, and so a vague answer like this cannot help our understanding any.

Oh well. OpenSSL apparently has a vulnerability too. sigh :-/

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

I feel like I'm spelling out the obvious, but: mail server A opens a TLS connection to mail server B to transfer mail, which starts with a TLS handshake, requiring B to send its public key A. The attacker intercepts the message and sends his public key to A, and completes the handshake with both sides, then proceeds to happily pass the data through reading all of it, since he has the session keys on both sides.

Zontar the mentalboy

Zontar's "touched in the head" by schizophrenic multiple personality disorder http://slashdot.org/comments.p... and manic depression http://slashdot.org/comments.p... now go take those meds, you whacko!

Zontar, don't pray (take your meds)

Zontar's posts ac evidencing schizophrenic multiple personality disorder http://slashdot.org/comments.p... and manic depression http://slashdot.org/comments.p... now go take those meds you need whacko since when you startup ac posts we know that your mpd is kicking in again and you need a dose!

Zontar, did you read your prescription?

For your schizophrenic multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p... now go take those meds, you whacko!

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

I feel like I'm spelling out the obvious, but: mail server A opens a TLS connection to mail server B to transfer mail, which starts with a TLS handshake, requiring B to send its public key A. The attacker intercepts the message and sends his public key to A, and completes the handshake with both sides, then proceeds to happily pass the data through reading all of it, since he has the session keys on both sides.

You've skipped over the PFS key exchange portion used in TLS.

https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...

Maybe the MITM exploit you're talking about is possible, I don't know.

Re:If GNUTls is unneeded, then create a NO-OP libr

[swillden]

It is. There are many tools out there that implement it. It's the whole reason that we use CAs -- not that they're an ideal solution to the problem, but without some way to verify the authenticity of the public key you're using to bootstrap the key exchange, any PK-based key agreement protocol is subject to MITM attacks.

Re:If GNUTls is unneeded, then create a NO-OP libr

[Sipper]

It is. There are many tools out there that implement it. It's the whole reason that we use CAs -- not that they're an ideal solution to the problem, but without some way to verify the authenticity of the public key you're using to bootstrap the key exchange, any PK-based key agreement protocol is subject to MITM attacks.

MITM can be an issue. More detailed information about the state of things at the link below.

https://wiki.exim.org/lurker/m...

Hey bigmouth bullshitter... apk

See you here http://tech.slashdot.org/comme... you bigmouthed little nobody...

APK

P.S.=> Have the balls to show up there in the link above to reply to it (& NOT days later like you did, LONG after I left that thread!)

NOW, in the link above, I simply tore you apart in it vs. your "so-called 'points'" that you "amended" bogusly, changing your parameters/constraints there!

(& I am going to rip you a new asshole there YET AGAIN, publicly, for your BIG mouth you little shit - prepare to be utterly humiliated, publicly...)

... apk

Zontar = sockpuppeteer & lying libeling troll

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

You said my "APK Hosts File Engine" is a virus/malware http://slashdot.org/comments.p... but it's EASILY PROVABLE it's not, right there in that link too.

Now PROVE YOUR FALSE ACCUSATION above: Show me a quote OR POST of me posting off topic on hosts where they did NOT apply... go for it!

---

You avoided backing up your accusation where YOU said I say you are Barbara, not Barbie = TomHudson (same person http://tech.slashdot.org/comme... , & sockpuppeteer like you) -> http://slashdot.org/comments.p...

Funny you can't back up your "bluster" there either, lol...

---

Why, Lastly?

You're crackers! See here multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p...

APK

P.S.=> So, THIS quote below is my policy on sockpuppeteers like you Zontar = TrollingForHostsFiles (your sockpuppetry):

"The only way to a achieve peace, is thru the ELIMINATION of those who would perpetuate war (sockpuppet masters like YOU, troll -> http://slashdot.org/comments.p... ). THIS IS MY PROGRAMMING -> http://start64.com/index.php?o... & soon, I will be UNSTOPPABLE..." - Ultron 6 FROM -> http://www.youtube.com/watch?v...

Which quite obviously, I am, since none of you DOLTISH TROLLS are able to validly technically disprove my points on hosts enumerated in the link to my program above of how hosts give users of them more speed, security, reliability, & anonymity... period!

(Trolls like YOU that use sockpuppets http://slashdot.org/comments.p... (your sockpuppet "alterego" TrollingForHostsFiles) & TomHudson - Barbara, not Barbie too http://tech.slashdot.org/comme... before you)

... apk

Zontar = sockpuppeteer & lying libeling troll

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

You said my "APK Hosts File Engine" is a virus/malware http://slashdot.org/comments.p... but it's EASILY PROVABLE it's not, right there in that link too.

Now PROVE YOUR FALSE ACCUSATION above: Show me a quote OR POST of me posting off topic on hosts where they did NOT apply... go for it!

---

You avoided backing up your accusation where YOU said I say you are Barbara, not Barbie = TomHudson (same person http://tech.slashdot.org/comme... , & sockpuppeteer like you) -> http://slashdot.org/comments.p...

Funny you can't back up your "bluster" there either, lol...

---

Why, Lastly?

You're crackers! See here multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p...

APK

P.S.=> So, THIS quote below is my policy on sockpuppeteers like you Zontar = TrollingForHostsFiles (your sockpuppetry):

"The only way to a achieve peace, is thru the ELIMINATION of those who would perpetuate war (sockpuppet masters like YOU, troll -> http://slashdot.org/comments.p... ). THIS IS MY PROGRAMMING -> http://start64.com/index.php?o... & soon, I will be UNSTOPPABLE..." - Ultron 6 FROM -> http://www.youtube.com/watch?v...

Which quite obviously, I am, since none of you DOLTISH TROLLS are able to validly technically disprove my points on hosts enumerated in the link to my program above of how hosts give users of them more speed, security, reliability, & anonymity... period!

(Trolls like YOU that use sockpuppets http://slashdot.org/comments.p... (your sockpuppet "alterego" TrollingForHostsFiles) & TomHudson - Barbara, not Barbie too http://tech.slashdot.org/comme... before you)

... apk

Zontar = sockpuppeteer & lying libeling troll

"You barge into discussions with your off-topic hosts file nonsense" - by Zontar The Mindless (9002) on Friday April 11, 2014 @09:51PM (#46731153) FROM -> http://slashdot.org/comments.p...

You said my "APK Hosts File Engine" is a virus/malware http://slashdot.org/comments.p... but it's EASILY PROVABLE it's not, right there in that link too.

Now PROVE YOUR FALSE ACCUSATION above: Show me a quote OR POST of me posting off topic on hosts where they did NOT apply... go for it!

---

You avoided backing up your accusation where YOU said I say you are Barbara, not Barbie = TomHudson (same person http://tech.slashdot.org/comme... , & sockpuppeteer like you) -> http://slashdot.org/comments.p...

Funny you can't back up your "bluster" there either, lol...

---

Why, Lastly?

You're crackers! See here multiple personality disorder http://slashdot.org/comments.p... + manic depression http://slashdot.org/comments.p...

APK

P.S.=> So, THIS quote below is my policy on sockpuppeteers like you Zontar = TrollingForHostsFiles (your sockpuppetry):

"The only way to a achieve peace, is thru the ELIMINATION of those who would perpetuate war (sockpuppet masters like YOU, troll -> http://slashdot.org/comments.p... ). THIS IS MY PROGRAMMING -> http://start64.com/index.php?o... & soon, I will be UNSTOPPABLE..." - Ultron 6 FROM -> http://www.youtube.com/watch?v...

Which quite obviously, I am, since none of you DOLTISH TROLLS are able to validly technically disprove my points on hosts enumerated in the link to my program above of how hosts give users of them more speed, security, reliability, & anonymity... period!

(Trolls like YOU that use sockpuppets http://slashdot.org/comments.p... (your sockpuppet "alterego" TrollingForHostsFiles) & TomHudson - Barbara, not Barbie too http://tech.slashdot.org/comme... before you)

... apk

Cat got your tongue? (something important seems t

That shit is 1-2 months old and it was fixed imidietly