Bugzilla – Bug 857200
VUL-0: CVE-2013-7252: kdeutils3: kwallet: crypto misuse
Last modified: 2020-05-12 17:40:20 UTC
OSS:11784 CVE-2013-7252 Short summary: kwallet uses Blowfish to encrypt its password store, and despite an attempt at implementing CBC mode (in a file called cbc.cc no less), it's actually ECB mode. UTF-16 encoding combined with Blowfish's 64 bit block size means there are just four password characters per block. Encryption is convergent as well. This may enable recovery of passwords through codebook attacks. References: http://comments.gmane.org/gmane.comp.security.oss.general/11784 http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-07-21. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58192
Affected packages: SLE-11-SP3: kdeutils3
ping
release is 3 weeks overtime already but well , lets reassign to an actual kde maintainer, antonio...
another month later ... still planned or can we drop this patchinfo ?
Oops, I'm sorry, I didn't noticed I was assigned this one. It seems kwallet has now moved to use GPG based encryption by default (in addition to the blowfish file format for backward compatibility and as an option for new wallets). In my opinion, the way to proceed would be porting this GPG based encryption backend from the latest kwallet (4.12 or 4.13 if I remember correctly) to the version used in SLE11 SP3 . This would mean some small UI changes (when creating a new wallet, the user is asked which encryption method should be used) which means a few new sentences would need to be translated too. Is everyone ok with that approach?
(In reply to Antonio Larrosa from comment #8) Do you see a way of moving existing wallets away from the insecure variant to the new GPG based encryption? Besides that I'm fine with this approach as long as we can make the safe variant the default and warn of the use of the other option.
I'm looking into implementing the gpg based file format for new wallets but I think moving existing wallets from the insecure format to the gpg based format is out of the scope of this bug. Mainly when not even upstream has this feature. As a workaround for this, the user can create a new wallet, move the passwords from the old wallet to the new one and make the new one the default. That's what's recommended in the kwalletmanager manual ( Look for "To use your sensitive data from your classic wallet with the new backend follow these steps:" at https://docs.kde.org/stable/en/kdeutils/kwalletmanager/introduction.html ).
Hmm, there was this which I think is the issue: from oss-sec The following KDE Project Security Advisory was issued at https://www.kde.org/info/security/advisory-20150109-1.txt . > Title: Fix kwalletd CBC encryption handling > Risk Rating: Low > Platforms: All > Versions: kwalletd < Applications 14.12.1, KF5::KWallet < 5.6.0 > Author: Valentin Rusu <kde@rusu.info> > Date: 9 January 2015 > > Overview > ======== > > Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC encryption blocks when > encrypting secrets in kwl files. The secrets were still encrypted, but the > result binary data corresponded to an ECB encrypted block instead of CBC. > > Impact > ====== > > The ECB encryption algorithm, even if it'll scramble user data, it'll produce > same encrypted byte sequence for the same input text. As a result, attackers > may eventually find-out the encrypted text. > > Solution > ======== > > For kde-runtime KWallet upgrade to KDE Applications 14.12.1 or apply the following patch: > http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=14a8232d0b5b1bc5e0ad922292c6b5a1c501165c > > For KDE Frameworks 5 KWallet upgrade to 5.6.0 or apply the following patch: > http://quickgit.kde.org/?p=kwallet.git&a=commit&h=6e588d795e6631c3c9d84d85fd3884a159b45849 > > Credits > ======= > > Thanks to Itay Duvdevani for finding the issue and for letting us know. > Thanks to Valentin Rusu for implementing the fix.
I submitted a patch that fixes this (as well as compilation of the package, that was failing because of broken patches) in https://build.suse.de/request/show/49638 . The fix includes the whole gpg encryption support from upstream as well as the patch mentioned by Marcus in #c11 . This means there are new dialogs and new strings to be translated. I'll try to backport the translations in the following days too.
Thanks, Antonio. As this is a security update, I'll hand this over.
(In reply to Antonio Larrosa from comment #13) Thank you for the submit. Can you please notify us once you have the translations for the dialogs?
any update on 10-sp3 ?
(In reply to Ruediger Oertel from comment #16) > any update on 10-sp3 ? 10-sp3 uses kde3. kwallet is very similar but even older. Since the new dialogs are using designer ui files, and also the rest of the patch is quite big, I think I would probably need to redo all the dialogs as well as change the use of some classes that might be too new for the Qt/kdelibs version included. Also, for example, this patch requires libgcrypt 1.5.0 and 10-sp3 only includes 1.2.2, so that package would need to be upgraded too. Is it worth the effort to fix this for 10-sp3 ? As of the translations, I forgot about them, but I'll try to get them done asap.
I just created the submit request for the translations: https://build.suse.de/request/show/52498 I had it done last friday, but the compilation of the package failed due to a dereferenced entity being defined in ark manpages in several languages . That was unrelated to my new translations, but I've fixed that too and included it in the submit request so now the package compiles correctly. Is there anything else that I need to do for this bug?
(In reply to Antonio Larrosa from comment #20) Since ppc/ppc64 builds were failing due to not having enough disk space, I superseeded the previous request with https://build.suse.de/request/show/52506 Now a constraint in obs makes sure it has enough disk space and compiles successfully in every architecture.
(In reply to Antonio Larrosa from comment #21) > (In reply to Antonio Larrosa from comment #20) > > Since ppc/ppc64 builds were failing due to not having enough disk space, I > superseeded the previous request with > https://build.suse.de/request/show/52506 This submission has been accepted so handing the bug to the security team to finish processing...
released
SUSE-SU-2015:0512-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 857200 CVE References: CVE-2013-7252 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): kde4-l10n-4.3.5-0.3.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): kde4-l10n-4.3.5-0.3.1, kdebase4-runtime-4.3.5-0.3.1 SUSE Linux Enterprise Server 11 SP3 (src): kde4-l10n-4.3.5-0.3.1, kdebase4-runtime-4.3.5-0.3.1 SUSE Linux Enterprise Desktop 11 SP3 (src): kde4-l10n-4.3.5-0.3.1, kdebase4-runtime-4.3.5-0.3.1