X-Git-Url: https://www.tinc-vpn.org/git/browse?p=wiki;a=blobdiff_plain;f=security.mdwn;h=f08ba83e4e0774fe8a75e8a96cb1d0c53f2ed71b;hp=53c001c375d5e61ebdb08b8b77de1c733101e712;hb=HEAD;hpb=b982f5b352d91fe8e2c57a3ea0903a42f06df392 diff --git a/security.mdwn b/security.mdwn index 53c001c..f08ba83 100644 --- a/security.mdwn +++ b/security.mdwn @@ -1,24 +1,54 @@ +## Reporting security issues + +In case you have found a security issue in tinc, please report it via email +to Guus Sliepen , preferrably PGP encrypted. +We will then try to get a CVE number assigned, and coordinate a bugfix release with major Linux distributions. + ## Security advisories The following list contains advisories for security issues in tinc in old versions: +- [CVE-2018-16758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16758): + Michael Yonli discovered that tinc 1.0.34 and earlier allow a [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) + that, even if the MITM cannot decrypt the traffic sent between the two + endpoints, when the MITM can correctly predict when an ephemeral key exchange + message is sent in a TCP connection between two nodes, allows the MITM to + force one node to send UDP packets in plaintext. + The tinc 1.1pre versions are not affected by this. + +- [CVE-2018-16738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16738): + Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34 allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack), + similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32 + attack in tinc 1.0.30, it now requires a [timing attack](https://en.wikipedia.org/wiki/Timing_attack) + that has only a limited time to complete. + Tinc 1.1pre16 and earlier are also affected if there are nodes on the same + VPN that still use the legacy protocol from tinc version 1.0.x. + +- [CVE-2018-16737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16737): + Michael Yonly discovered that tinc 1.0.29 and earlier allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack) + that could allow a remote attacker to establish one-way communication with a + tinc node, allowing it to send fake control messages and inject packets into + the VPN. The attack takes only a few seconds to complete. + Tinc 1.1pre14 and earlier allow the same attack if they are configured to allow connections + from nodes using the legacy 1.0.x protocol. + - [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428), - [DSA-2663](http://www.debian.org/security/2013/dsa-2663), + [DSA-2663](https://www.debian.org/security/2013/dsa-2663), [Sitsec advisory](http://sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers): stack based buffer overflow - [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755): - tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. + Tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. - [CVE-2001-1505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505): - tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. + Tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. ## Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: -[http://www.debian.org/security/2008/dsa-1571](http://www.debian.org/security/2008/dsa-1571) +[https://www.debian.org/security/2008/dsa-1571](https://www.debian.org/security/2008/dsa-1571) In short, if you generated public/private keypairs for tinc between 2006 and May 7th, 2008 on a machine running Debian or a derivative, they may have been generated without a properly seeded random