North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

CERT Advisory - CA-95:03a REVISED Telnet Encryption Vulnerability

  • From: CERT Advisory
  • Date: Fri Mar 03 17:37:01 1995

=============================================================================
CA-95:03a                         CERT Advisory
                                  March 3, 1995
                   REVISED  Telnet Encryption Vulnerability
-----------------------------------------------------------------------------

                   *** THIS IS A REVISED CERT ADVISORY ***
    *** A portion of the patch was accidentally omitted from Appendix B 
    in the original release of CA-95:03. This revision contains a new,
    complete Appendix B.***

The CERT Coordination Center has received reports of a serious security
problem in the Berkeley Telnet clients that provide support for the
experimental Telnet encryption option using the Kerberos V4 authentication.
All known released versions of the BSD Telnet that support Kerberos V4
authentication and encryption are affected.

We recommend that all sites that use encrypted telnet in conjunction with
Kerberos V4 obtain a patch or upgraded version of Telnet according to the
instructions in Section III below.

As we receive additional information relating to this advisory, we will
place it, along with any clarifications, in a CA-95:03a.README file. CERT
advisories and their associated README files are available by anonymous 
FTP from info.cert.org. We encourage you to check the README files 
regularly for updates on advisories that relate to your site.

---------------------------------------------------------------------------

I.   Description

     There is a vulnerability in Berkeley Telnet clients that support
     encryption and Kerberos V4 authentications. This vulnerability
     substantially reduces the effectiveness of the encryption.

II.  Impact

     Anyone who can access and read packets that make up the encrypted
     Telnet session can easily decrypt the session. This is possible, for
     example, when an intruder uses a packet sniffer on the network to
     intercept the Telnet sessions.

III. Solution

     Obtain and install the appropriate patch according to the instructions
     included with the patch.

     In Appendix A is a summary of the vendors who have reported to us and 
     the status they provided, including how to obtain patches.  This 
     information is reproduced in the README file associated with this 
     advisory.  We will update the README file as we receive more information 
     from vendors.
     
---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Theodore Ts'o of the
Massachusetts Institute of Technology for identifying and developing a
solution to this problem. We also thank Douglas Engert of Argonne National
Laboratory for pointing out the omission in our original Appendix B.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in Forum of Incident Response
and Security Teams (FIRST).

If you wish to send sensitive incident or vulnerability information to CERT
staff by electronic mail, we strongly advise that the e-mail be encrypted.
The CERT Coordination Center can support a shared DES key, PGP (public key
available via anonymous FTP on info.cert.org), or PEM (contact CERT staff
for details).

Internet E-mail: [email protected]
Telephone: +1 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.
Fax: +1 412-268-6989

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
USA

Past advisories, CERT bulletins, information about FIRST representatives,
and other information related to computer security are available for
anonymous FTP from info.cert.org.

CERT is a service mark of Carnegie Mellon University.
.............................................................................

Appendix A: Vendor Information

CA-95:03a.README
Issue date: March 3, 1995

This file is a supplement to CERT advisory CA-95:03a, "Telnet Encryption
Vulnerability" and will be updated as additional information becomes
available.  

This README supersedes CA-95:03.README.

As of March 3, 1995, information from Digital Equipment Corporation and
Sequent Computer Systems has been added to the original text.

Below is information we have received from vendors who have patches available
or upcoming, along with names of vendors who have reported that their
products do not have the problem.

If you have an encrypting Telnet from a vendor who is not listed, please
contact that vendor for information regarding how to get a fixed version.

     Vendor or Source                     Status
     ----------------                     ------------
     Berkeley SW Distribution (BSD)       source-code patch available from
                                          Berkeley; also in Appendix B of 
                                          this advisory
     Data General Corporation             not affected by the vulnerability
     Digital Equipment Corporation	  not affected by the vulnerability
     FTP Software, Inc.                   patch available
     Harris NightHawk System              not affected by the vulnerability
     Hewlett-Packard Company              not affected by the vulnerability
     Nat'l. Center for Supercomputer
       Applications (NCSA)                upgrade available
     Open Software Foundation             not affected by the vulnerability
     The Santa Cruz Operation, Inc.(SCO)  not affected by the vulnerability
     Sequent Computer Systems		  not affected by the vulnerability
     Sun Microsystems, Inc.               not affected by the vulnerability

   
PATCH INFORMATION
-------------
Berkeley Software Distribution (BSD)

     A source-code patch, along with the domestic version of the most
     recently released Telnet sources from Berkeley, are available by
     anonymous FTP from
     
         net-dist.mit.edu:/pub/telnet/telnet.patch
         MD5 65d56befe3d0f1699d38de5509552578

     There is also a PGP ASCII signature file for the patch in
         
          net-dist.mit.edu:/pub/telnet/telnet.patch.sig
          
     This patch can also be found in CERT Advisory CA-95:03a, Appendix B.
     (Note: Do not calculate a checksum for Appendix B alone. It will not
     match the checksum of the FTP version of the patch because the tabs in
     the FTP copy have been replaced with blank spaces in the CA-95:03a
     Appendix B copy.)

-------------
FTP Software, Inc.

     Customers of FTP Software with an encrypting telnet (provided in the
     PC/TCP or OnNet packages) should call the FTP technical support line
     at 1-800-282-4387 and ask for the "tn encrypt patch".

-------------
National Center for Supercomputer Applications (NCSA)

     Users of NCSA Telnet should upgrade to the NCSA Telnet 2.6.1d7, AND
     install the appropriate Kerberos plug-in which are available by
     anonymous FTP from ftp.ncsa.uiuc.edu

     Upgrade

        /Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(68K).sit.hqx
        MD5  b34b9fda59421b3b83f8df08a83f83b5

        /Mac/Telnet/Telnet2.6/prerelease/d7/Telnet2.6.1d7(fat).sit.hqx
        MD5  877add7c3d298111889fc3f2f272ce6f

     Kerberos plug-ins

	/Mac/Telnet/Telnet2.6/prerelease/AuthMan.plugin.1.0b1.hqx
	MD5  df727eae184b22125f90ef1a31513fd4
        
        /Mac/Telnet/Telnet2.6/prerelease/Kerberos_Telnet_plugin.sit.hqx
        MD5  dbda691efe9038648f234397895c734d

     Questions regarding NCSA Telnet should be directed to
     [email protected]



.............................................................................

Appendix B: Patch for Vulnerability in Telnet Encryption Option
Omission error corrected March 3, 1995
See CA-95:03a.README for updated information.  

Index: auth.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/auth.c,v
retrieving revision 5.5
retrieving revision 5.7
diff -u -r5.5 -r5.7
--- auth.c      1994/08/18 21:06:45     5.5
+++ auth.c      1994/11/08 04:39:02     5.7
@@ -244,7 +244,7 @@
 {
        register int x;
 
-       if (strcasecmp(type, AUTHTYPE_NAME(0))) {
+       if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
                *maskp = -1;
                return(1);
        }
@@ -260,14 +260,14 @@
 
        int
 auth_enable(type)
-       int type;
+       char * type;
 {
        return(auth_onoff(type, 1));
 }
 
        int
 auth_disable(type)
-       int type;
+       char * type;
 {
        return(auth_onoff(type, 0));
 }
@@ -277,15 +277,20 @@
        char *type;
        int on;
 {
-       int mask = -1;
+       int i, mask = -1;
        Authenticator *ap;
 
        if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
                 printf("auth %s 'type'\n", on ? "enable" : "disable");
                printf("Where 'type' is one of:\n");
                printf("\t%s\n", AUTHTYPE_NAME(0));
-               for (ap = authenticators; ap->type; ap++)
+               mask = 0;
+               for (ap = authenticators; ap->type; ap++) {
+                       if ((mask & (i = typemask(ap->type))) != 0)
+                               continue;
+                       mask |= i;
                        printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+               }
                return(0);
        }
 
@@ -293,7 +298,6 @@
                printf("%s: invalid authentication type\n", type);
                return(0);
        }
-       mask = getauthmask(type, &mask);
        if (on)
                i_wont_support &= ~mask;
        else
@@ -317,16 +321,22 @@
 auth_status()
 {
        Authenticator *ap;
+       int i, mask;
 
        if (i_wont_support == -1)
                printf("Authentication disabled\n");
        else
                printf("Authentication enabled\n");
 
-       for (ap = authenticators; ap->type; ap++)
+       mask = 0;
+       for (ap = authenticators; ap->type; ap++) {
+               if ((mask & (i = typemask(ap->type))) != 0)
+                       continue;
+               mask |= i;
                printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
                        (i_wont_support & typemask(ap->type)) ?
                                        "disabled" : "enabled");
+       }
        return(1);
 }
 
Index: kerberos.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/kerberos.c,v
retrieving revision 5.5
retrieving revision 5.8
diff -u -r5.5 -r5.8
--- kerberos.c  1994/08/18 21:07:02     5.5
+++ kerberos.c  1994/11/14 21:33:58     5.8
@@ -225,9 +225,10 @@
                register int i;
 
                des_key_sched(cred.session, sched);
-               des_set_random_generator_seed(cred.session);
-               des_new_random_key(challenge);
-               des_ecb_encrypt(challenge, session_key, sched, 1);
+               des_init_random_number_generator(cred.session);
+               des_new_random_key(session_key);
+               des_ecb_encrypt(session_key, session_key, sched, 0);
+               des_ecb_encrypt(session_key, challenge, sched, 0);
                /*
                 * Increment the challenge by 1, and encrypt it for
                 * later comparison.
@@ -320,6 +321,11 @@
                        break;
                }
 
+               /*
+                * Initialize the random number generator since it's
+                * used later on by the encryption routine.
+                */
+               des_init_random_number_generator(session_key);
                des_key_sched(session_key, sched);
                memcpy((void *)datablock, (void *)data, sizeof(Block));
                /*
@@ -337,7 +343,7 @@
                 * increment by one, re-encrypt it and send it back.
                 */
                des_ecb_encrypt(datablock, challenge, sched, 0);
-               for (r = 7; r >= 0; r++) {
+               for (r = 7; r >= 0; r--) {
                        register int t;
                        t = (unsigned int)challenge[r] + 1;
                        challenge[r] = t;       /* ignore overflow */

Index: commands.c
===================================================================
RCS file: /mit/krb5/.cvsroot/src/appl/telnet/telnet/commands.c,v
retrieving revision 5.14
retrieving revision 5.16
diff -u -r5.14 -r5.16
--- commands.c  1994/08/18 21:07:37     5.14
+++ commands.c  1994/11/08 06:42:49     5.16
@@ -1919,8 +1919,8 @@
 };
 
 extern int
-       auth_enable P((int)),
-       auth_disable P((int)),
+       auth_enable P((char *)),
+       auth_disable P((char *)),
        auth_status P((void));
 static int
        auth_help P((void));
@@ -1959,6 +1959,12 @@
 {
     struct authlist *c;
 
+    if (argc < 2) {
+      fprintf(stderr,
+          "Need an argument to 'auth' command.  'auth ?' for help.\n");
+      return 0;
+    }
+
     c = (struct authlist *)
                genget(argv[1], (char **) AuthList, sizeof(struct authlist));
     if (c == 0) {
@@ -2015,7 +2021,7 @@
                                                EncryptEnable, 1, 1, 2 },
     { "disable", "Disable encryption. ('encrypt enable ?' for more)",
                                                EncryptDisable, 0, 1, 2 },
-    { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+    { "type", "Set encryption type. ('encrypt type ?' for more)",
                                                EncryptType, 0, 1, 1 },
     { "start", "Start encryption. ('encrypt start ?' for more)",
                                                EncryptStart, 1, 0, 1 },
@@ -2058,6 +2064,12 @@
     char *argv[];
 {
     struct encryptlist *c;
+
+    if (argc < 2) {
+       fprintf(stderr,
+           "Need an argument to 'encrypt' command.  'encrypt ?' for help.\n");
+       return 0;
+    }
 
     c = (struct encryptlist *)
                genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));