[Secure-testing-team] Bug#709552: libsasl2-2: Insecure mechanisms are preferred while more secure mechanisms are available
Thijs Alkemade
me at thijsalkema.de
Thu May 23 23:54:09 UTC 2013
Package: libsasl2-2
Version: 2.1.25.dfsg1-6
Severity: important
Tags: security upstream
Some SASL implementations allow the server to specify a list of mechanisms
it supports. The client should then pick the strongest mechanism it supports
to authenticate. For example, when PLAIN and SCRAM-SHA-1 are available, it
should use SCRAM-SHA-1, as it is in many ways more secure than PLAIN.
A bug in Cyrus-SASL 2.1.24 and up causes PLAIN to be chosen over SCRAM-SHA-1
when the server ordered PLAIN before SCRAM-SHA-1 (the order in which the
server specifies the mechanisms should be ignored by the client).
This can cause a client using Cyrus-SASL to disclose its password in plain,
while it doesn't need to. Here is an example of it happening in Pidgin,
compiled with Cyrus-support:
(01:39:37) jabber: Recv (ssl)(497): <?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' version='1.0' from='xnyhps.nl' id='9531b529-e769-4c00-a17f-fae4221436da' xml:lang='en' xmlns='jabber:client'><stream:features><register xmlns='http://jabber.org/features/iq-register'/><auth xmlns='http://jabber.org/features/iq-auth'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
(01:39:37) sasl: Mechs found: PLAIN SCRAM-SHA-1 DIGEST-MD5
(01:39:37) sasl: No worthy mechs found
(01:39:41) sasl: Mechs found: PLAIN SCRAM-SHA-1 DIGEST-MD5
(01:39:41) jabber: Sending (ssl) (test at xnyhps.nl): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(01:39:41) jabber: Recv (ssl)(60): <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'></success>
This issue was reported upstream at https://bugzilla.cyrusimap.org/show_bug.cgi?id=3793.
However, it has received no response. I'm also reporting it here because
I think it's a security issue that puts Debian users at risk.
-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libsasl2-2 depends on:
ii libc6 2.13-38
ii libdb5.1 5.1.29-5
ii multiarch-support 2.13-38
Versions of packages libsasl2-2 recommends:
ii libsasl2-modules 2.1.25.dfsg1-6
libsasl2-2 suggests no packages.
-- no debconf information
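The behaviour the report asks for, as an added example that is not part of the original bug report and is not Cyrus-SASL's or Pidgin's code: a client-side SASL mechanism chooser that parses an XMPP stream-features fragment like the one in the Pidgin log above, then selects the strongest mechanism the client supports using its own ranking, so the order the server advertised is irrelevant. The preference list, the set of plaintext mechanisms, and the sample XML are assumptions constructed for this example.

```python
"""Client-side SASL mechanism selection that ignores server ordering.

Added example, not code from the bug report, Cyrus-SASL or Pidgin.
The client ranks mechanisms itself; the server's advertised order is
only used to learn what is offered, never to decide what to use.
"""
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Client-side ranking, strongest first. This list and its order are an
# assumption for the example, not Cyrus-SASL's own ranking.
CLIENT_PREFERENCE = [
    "SCRAM-SHA-256",
    "SCRAM-SHA-1",
    "DIGEST-MD5",
    "PLAIN",
]

# Mechanisms that hand the password itself to the server.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample, modelled on the stream features in the log above:
# the server deliberately lists PLAIN before SCRAM-SHA-1.
SAMPLE_FEATURES = (
    "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism>"
    "<mechanism>SCRAM-SHA-1</mechanism>"
    "<mechanism>DIGEST-MD5</mechanism>"
    "</mechanisms>"
    "</stream:features>"
)


def offered_mechanisms(features_xml: str) -> list[str]:
    """Return the mechanisms advertised in <stream:features>, in server order."""
    root = ET.fromstring(features_xml)
    return [
        (m.text or "").strip()
        for m in root.iter(f"{{{SASL_NS}}}mechanism")
        if (m.text or "").strip()
    ]


def choose_mechanism(offered, preference=CLIENT_PREFERENCE, allow_plaintext=False):
    """Pick the mechanism the client ranks highest among those offered.

    The server's order is ignored: only `preference` decides. A plaintext
    mechanism is refused unless allow_plaintext is set, which a caller
    should only do when nothing stronger is offered and the transport is
    already protected (e.g. TLS). Returns None if nothing acceptable exists.
    """
    offered_set = set(offered)
    for mech in preference:
        if mech not in offered_set:
            continue
        if mech in PLAINTEXT_MECHS and not allow_plaintext:
            continue
        return mech
    return None


def choose_from_features(features_xml: str, allow_plaintext=False):
    """Parse the features fragment and choose a mechanism in one step."""
    return choose_mechanism(offered_mechanisms(features_xml), allow_plaintext=allow_plaintext)


if __name__ == "__main__":
    mechs = offered_mechanisms(SAMPLE_FEATURES)
    print("server offered (in its order):", mechs)
    print("client chooses:", choose_mechanism(mechs))
    # Reversing the server's order must not change the client's choice.
    print("client chooses (server order reversed):", choose_mechanism(list(reversed(mechs))))
    print("only PLAIN offered, plaintext not allowed:", choose_mechanism(["PLAIN"]))
```

With the sample above the chooser returns SCRAM-SHA-1 whether the server lists PLAIN first or last, which is the point of the report: a client that lets the server's ordering pick PLAIN will send the password to any server that simply advertises PLAIN first.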