SSL keys for iTalc in Edubuntu only get generated at build time

Bug #714864 reported by Jonathan Carter
Affects           Status         Importance   Assigned to       Milestone
italc (Ubuntu)    Fix Released   High         Stéphane Graber
Karmic            Fix Released   High         Kees Cook
Lucid             Fix Released   High         Kees Cook
Maverick          Fix Released   High         Stéphane Graber
Natty             Fix Released   High         Stéphane Graber

Bug Description

The private keys for iTalc on Edubuntu get generated when the live image is built from iTalc's postinst.

The problem is that keys aren't generated again after that in ubiquity's target-config or anywhere else, which results in every single Edubuntu machine of the same release having the same keys, which results in every Edubuntu machine being remotely controllable by anyone with iTalc or a VNC client installed.

This affects all Edubuntu live DVDs that ship with iTalc.

Stéphane is busy working on SRUs, and debdiffs will be available shortly.

Revision history for this message
Stéphane Graber (stgraber) wrote :

root@orilla:/data/iso# for squash in *.squashfs
> do
> mount -o loop $squash tmp/
> md5sum tmp/etc/italc/keys/*/*/key
> umount tmp
> done

That's for all the known values of the keys we want to remove

Revision history for this message
Stéphane Graber (stgraber) wrote :

Test run of the fix (FS is read only):

root@orilla:/data/iso# cp test.sh /tmp/ && for squash in *.squashfs; do mount -o loop $squash tmp/; mount -o bind /tmp tmp/tmp && chroot tmp sh /tmp/test.sh; umount tmp/tmp; umount tmp; done
rm: cannot remove `/etc/italc/keys/private/admin/key': Read-only file system
rm: cannot remove `/etc/italc/keys/private/supporter/key': Read-only file system
rm: cannot remove `/etc/italc/keys/private/teacher/key': Read-only file system
rm: cannot remove `/etc/italc/keys/public/admin/key': Read-only file system
rm: cannot remove `/etc/italc/keys/public/supporter/key': Read-only file system
rm: cannot remove `/etc/italc/keys/public/teacher/key': Read-only file system

Revision history for this message
Stéphane Graber (stgraber) wrote :

Here are the debdiffs. I only tried building lucid.

Revision history for this message
Kees Cook (kees) wrote :

Thanks! I've assigned CVE-2011-0724 for this issue.

Revision history for this message
Kees Cook (kees) wrote :

I've updated the changelog formatting and updated the versions (lucid and maverick were the same).

  * SECURITY UPDATE: private keys potentially reused from liveCD.
    - debian/italc-client.postinst: re-generate the private and public
      keys when they match one of the Edubuntu Live DVD ones (LP: #714864)
    - CVE-2011-0724

Unfortunately, maverick does not build.
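
The check that changelog entry describes (re-generate keys only when they match a known live-image key) can be sketched as follows. This is an added example, not the package's postinst or any code from this report; the function names, the one-digest-per-line blacklist file and the dummy key contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag iTalc key files whose MD5 digest is on a blacklist of
# keys known to have shipped on a live image.
# Assumptions: the blacklist is a text file with one lowercase MD5 digest per
# line; keys live under <keydir>/{private,public}/<role>/key as in this bug.

# Print the path of every key file under $1 whose digest is listed in $2.
find_blacklisted_keys() {
    keydir=$1
    blacklist=$2
    for key in "$keydir"/private/*/key "$keydir"/public/*/key; do
        [ -f "$key" ] || continue            # unmatched glob or missing key
        sum=$(md5sum "$key" | cut -d' ' -f1)
        # -x whole-line match, -F fixed string, -q quiet
        if grep -qxF "$sum" "$blacklist"; then
            printf '%s\n' "$key"
        fi
    done
}

# Print the roles that need a new key pair. A role is affected if either
# half (private or public) is blacklisted, because a pair is replaced together.
roles_to_regenerate() {
    find_blacklisted_keys "$1" "$2" |
        while IFS= read -r path; do
            basename "$(dirname "$path")"
        done | sort -u
}

# Constructed sample: a throwaway key tree in which only "teacher" carries a
# blacklisted (image-baked) private key; all key contents are dummy strings.
demo() {
    d=$(mktemp -d)
    for role in admin supporter teacher; do
        mkdir -p "$d/keys/private/$role" "$d/keys/public/$role"
        echo "unique-private-$role" > "$d/keys/private/$role/key"
        echo "unique-public-$role"  > "$d/keys/public/$role/key"
    done
    echo "baked-into-image" > "$d/keys/private/teacher/key"
    echo "baked-into-image" | md5sum | cut -d' ' -f1 > "$d/blacklist"
    roles_to_regenerate "$d/keys" "$d/blacklist"
    rm -rf "$d"
}
demo   # prints: teacher
```

Machines installed from a clean source keep their keys under this check; only roles whose key digest is on the list are reported for regeneration.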

Kees Cook (kees)
Changed in italc (Ubuntu Maverick):
status: New → Incomplete
Changed in italc (Ubuntu Lucid):
status: New → Fix Committed
Changed in italc (Ubuntu Karmic):
status: New → Fix Committed
assignee: nobody → Kees Cook (kees)
Changed in italc (Ubuntu Lucid):
assignee: nobody → Kees Cook (kees)
Changed in italc (Ubuntu Maverick):
assignee: nobody → Stéphane Graber (stgraber)
importance: Undecided → High
Changed in italc (Ubuntu Lucid):
importance: Undecided → High
Changed in italc (Ubuntu Karmic):
importance: Undecided → High
Changed in italc (Ubuntu Natty):
milestone: none → natty-alpha-3
Revision history for this message
Stéphane Graber (stgraber) wrote :

Here's an updated debdiff for maverick with in-line configure.in change to disable the "feature" causing the build failure.
As far as I know that feature isn't actually used by iTalc itself.

I'm pretty sure the type issue can be fixed, but none of the tricks I found on the internet fixed it, so after an hour of poking at it, I just looked at what could be changed to have it build.
Newer versions of iTalc ship with a new version of the x11vnc lib which doesn't have the issue.

Kees Cook (kees)
Changed in italc (Ubuntu Maverick):
status: Incomplete → Fix Committed
Revision history for this message
Kees Cook (kees) wrote :

Details about dealing with the upgrade are available here: https://wiki.ubuntu.com/iTalc/Keys

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package italc - 1:1.0.9.1-0ubuntu18.10.10.1

---------------
italc (1:1.0.9.1-0ubuntu18.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: private keys potentially reused from liveCD.
    - debian/italc-client.postinst: re-generate the private and public
      keys when they match one of the Edubuntu Live DVD ones (LP: #714864)
    - configure.in: disable unused features causing FTBFS.
    - CVE-2011-0724
 -- Stephane Graber <email address hidden> Mon, 07 Feb 2011 22:21:23 -0500

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package italc - 1:1.0.9.1-0ubuntu18.10.04.1

---------------
italc (1:1.0.9.1-0ubuntu18.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: private keys potentially reused from liveCD.
    - debian/italc-client.postinst: re-generate the private and public
      keys when they match one of the Edubuntu Live DVD ones (LP: #714864)
    - CVE-2011-0724
 -- Stephane Graber <email address hidden> Mon, 07 Feb 2011 22:21:23 -0500

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package italc - 1:1.0.9.1-0ubuntu16.1

---------------
italc (1:1.0.9.1-0ubuntu16.1) karmic-security; urgency=low

  * SECURITY UPDATE: private keys potentially reused from liveCD.
    - debian/italc-client.postinst: re-generate the private and public
      keys when they match one of the Edubuntu Live DVD ones (LP: #714864)
    - CVE-2011-0724
 -- Stephane Graber <email address hidden> Mon, 07 Feb 2011 22:21:23 -0500

Changed in italc (Ubuntu Karmic):
status: Fix Committed → Fix Released
Changed in italc (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in italc (Ubuntu Maverick):
status: Fix Committed → Fix Released
Kees Cook (kees)
visibility: private → public
Changed in italc (Ubuntu Natty):
importance: Critical → High
tags: added: patch
Kees Cook (kees)
Changed in italc (Ubuntu Natty):
status: Confirmed → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package italc - 1:1.0.13-0ubuntu1

---------------
italc (1:1.0.13-0ubuntu1) natty; urgency=low

  * New upstream bugfix release (1.0.13)

  * Ubuntu patches
   * Remove fix chinese patch (fixed upstream)
   * Update maximize default patch

  * Add iTalc keys blacklist (LP: #714864)
    CVE-2011-0724
 -- Stephane Graber <email address hidden> Wed, 23 Feb 2011 16:19:50 -0500

Changed in italc (Ubuntu Natty):
status: Triaged → Fix Released