Thread-topic: [NEWS] Jetty Session ID Prediction Vulnerability
NGS помимо описания уязвимости конкретного Jetty написала общую статью про
небезопасность стандартных PRNG
-
> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Wednesday, February 07, 2007 11:57 AM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NEWS] Jetty Session ID Prediction Vulnerability
>
> - - - - - - - - -
>
>
>
> Jetty Session ID Prediction Vulnerability
>
>
>
> Different versions of Jetty, the popular java web server, are
> vulnerable to a session id prediction attack.
>
>
> Vulnerable Systems:
> * Jetty versions prior to 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3
>
> Immune Systems:
> * Jetty versions 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3.
>
> Jetty uses java.util.Random to generate session ids. The
> internal state of this generator can be easily discovered,
> leading to an attacker being able to hijack existing and
> future sessions.
>
> java.util.random implements a linear congruential generator,
> of the following form:
> synchronized protected int next(int bits) {
> seed = (seed * 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1);
> return (int)(seed >>> (48 - bits));
> }
>
> Jetty generates a 64-bit session id by generating two 32-bit
> numbers in this way, so we end up with an encoded 64-bit
> integer. By decoding the integer and splitting it into its
> two component 32-bit integers, we can easily brute-force the
> generator's internal state. Once the state is discovered, the
> generator can be run both forwards and backwards, so an
> attacker can determine previously generated session ids, as
> well as session ids that have not yet been generated. This
> allows the attacker to hijack any existing session, and
> perform any actions that the original user of the session
> could perform. Obviously the severity of this issue varies
> from application to application but we believe it warrants at
> least a "high" risk rating.
>
> NGS have developed proof of concept code for this issue that
> implements a session predictor for this bug. It takes a
> session id as input and outputs candidates for the next 5 and
> previous 5 session ids. It is necessary to output 7 candidate
> session ids for each iteration because Jetty encodes the
> session id in a number base from 30 to 36 depending on the
> millisecond in which the session id was generated. The
> underlying 64-bit integer is the same, just represented in
> bases 30-36.
>
> Here is some example output:
> H:\jetty_rand\Debug>jetty_rand.exe g4sse9e7fs5ee
> Radix: 30
> Found seed: 5346772124980067
>
> Session -5:
> 27s4jsk03074k
> 1gbb661e0l6mp
> 11ctqbu24shqo
> nqqa46cv6ovh
> h4xlr7d8n98c
> cg9x29g6vfna
> 9568uhp0c7yw
>
> Session -4:
> 586o97hbtkkis
> 3h9o0c9eglm5q
> 2dpgen12bekgo
> 1mf3ar81r4e7d
> 15vq2mdv83nmo
> t13aedmjm4ts
> lamwq2jurlzs
>
> Session -3:
> c2kqln033ior
> 8d98tft18mgj
> 5u715san1m0b
> 47rifnwhompl
> 31pb1t2496ef
> 27mbqm91n0gc
> 1mksf8xjn6kr
>
> Session -2:
> h5n7ft13ak1nr
> biif83e4tlq37
> 7tj3f6tclak5h
> 5fpk27ulvu2nu
> 3s5vpubx7ekc9
> 2om684eem9iy2
> 1xf0lar1nqpwx
>
> Session -1:
> 66isdajhm658g
> 463l7trqe65oo
> 2rodl8h2bjkb4
> 1wdl0j3wqr6tj
> 1d3hc9k0gm9ja
> y8hj85q65rxq
> p49erbpgioo4
>
> Session 0:
> g4sse9e7fs5ee
> as3iaiqcjo82g
> 7eeb56egthkrm
> 54w87w5wtpwfk
> 3kdimj6vemoce
> 2iybbcyacjqk9
> 1t9qijf82uk52
>
> The issue affects a great many products that are based on
> Jetty, such as
> Apache Geronimo:
>
>
> The latest version (2.0) of Geronimo is not vulnerable to this issue.
> Version 1.1 and prior are vulnerable however, and this issue
> can be used to hijack a session to the administrative console.
>
> A further 98 projects based on Jetty are listed on the Jetty
> website at:
>
>
> Fix:
> This issue was fixed in the source code on the 22nd of
> November 2006, less than 6 hours after it was reported. The
> issue is fixed in released versions 4.2.27, 5.1.12, 6.0.2 and
> 6.1.0pre3.
>
> The changes can be viewed here:
>
>
>
> Additional Information:
> The information has been provided by NGSSoftware Insight
> Security Research <mailto:nisr@xxxxxxxxxxxxxxx> .
>
>
> ==============================================================
И еще
> -----Original Message-----
> From: Michal Zalewski [mailto:lcamtuf@xxxxxxxxxxxx]
> Sent: Tuesday, February 06, 2007 11:21 AM
> To: Amit Klein
> Cc: NGSSoftware Insight Security Research; bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: Jetty Session ID Prediction
>
> On Tue, 6 Feb 2007, Amit Klein wrote:
>
> > I don't think that the method described in the paper you referenced
> > above is applicable as-is [...] (only 32 bits out of the 48
> are known).
>
> There are attacks published for just about any variant of LCG
> imaginable,
> including ones with missing MSB/LSB output bits, etc. But I
> had a chance
> to talk to David Litchfield and Chris Anley off the list, and
> they do use
> an algorithmic approach, not brute force - that was simply a
> poor choice
> of words.
>
> /mz
>
