Need to send long keyids to software-center to prevent MITM attack
Bug #1052789 reported by Michael Vogt
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Software Center Agent | Fix Released | Critical | Anthony Lenton | |
| aptdaemon (Ubuntu) | Fix Released | High | Unassigned | |
| Oneiric | Fix Released | Undecided | Marc Deslauriers | |
| Precise | Fix Released | Undecided | Marc Deslauriers | |
| Quantal | Fix Released | Undecided | Unassigned | |
| Raring | Fix Released | High | Unassigned | |
Bug Description
In the subscriptions_
e.g. u'signing_key_id': u'1024r/75254d99'
These are vulnerable to man-in-the-middle attacks as it's relatively easy to create collisions on them and sneak in a different key into the keyring and compromise the system. Instead we need to send the long keyid. This *should* be transparent to the client (but obviously we need to test that). It should send the long fingerprint, e.g. 019A25FED88F961 fingerprint
| tags: | added: ca-escalated |
| Changed in software-center-agent: | |
| status: | New → In Progress |
| importance: | Undecided → Critical |
| importance: | Critical → High |
| assignee: | nobody → Anthony Lenton (elachuni) |
| importance: | High → Critical |
| Changed in software-center-agent: | |
| status: | In Progress → Fix Released |
| Changed in aptdaemon (Ubuntu Oneiric): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in aptdaemon (Ubuntu Precise): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| information type: | Private Security → Public Security |
This also affects aptdaemon; it is using:

```python
import subprocess

# aptdaemon passes the key id it received straight to apt-key, so a short id
# from the agent is what ends up in the --recv lookup on the keyserver
proc = subprocess.Popen(["/usr/bin/apt-key", "adv",
                         "--keyserver", keyserver,
                         "--recv", keyid], stderr=subprocess.STDOUT,
                        stdout=subprocess.PIPE, close_fds=True)
```
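The description and the aptdaemon comment above both come down to the same check: the value in `signing_key_id` must name one key unambiguously before it is handed to `apt-key adv --recv`. The following is an added example, not code from the bug report, the software-center agent or aptdaemon; it shows how the 64-bit long key id and the 32-bit short id are derived from an OpenPGP v4 fingerprint (the low-order 16 and 8 hex digits), and a guard that refuses a short id like `75254d99` and only builds the `apt-key` argument list for a full fingerprint (or, optionally, a long id). The function names, the keyserver name and the sample fingerprint are constructed for the example.

```python
import re

# OpenPGP v4 (RFC 4880): the key id is the low-order 64 bits of the 160-bit
# SHA-1 fingerprint; the "short" key id is the low-order 32 bits. Only the
# full fingerprint identifies a key without room for a colliding key.
FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")
LONG_KEYID_RE = re.compile(r"^[0-9A-F]{16}$")
SHORT_KEYID_RE = re.compile(r"^[0-9A-F]{8}$")


def normalize(ident):
    """Strip spaces and an optional 0x prefix, upper-case the hex digits."""
    ident = ident.replace(" ", "").strip()
    if ident[:2].lower() == "0x":
        ident = ident[2:]
    return ident.upper()


def key_ids_from_fingerprint(fingerprint):
    """Return (long_keyid, short_keyid) derived from a full v4 fingerprint."""
    fpr = normalize(fingerprint)
    if not FINGERPRINT_RE.match(fpr):
        raise ValueError("not a 40-hex-digit v4 fingerprint: %r" % fingerprint)
    return fpr[-16:], fpr[-8:]


def parse_signing_key_id(value):
    """Split the 'algo/keyid' form the agent sends (e.g. '1024r/75254d99')
    into (algo, identifier); the algo part may be absent."""
    if "/" in value:
        algo, ident = value.split("/", 1)
    else:
        algo, ident = "", value
    return algo, normalize(ident)


def classify(ident):
    """Label an identifier as fingerprint, long, short or invalid."""
    ident = normalize(ident)
    if FINGERPRINT_RE.match(ident):
        return "fingerprint"
    if LONG_KEYID_RE.match(ident):
        return "long"
    if SHORT_KEYID_RE.match(ident):
        return "short"
    return "invalid"


def is_safe_key_id(signing_key_id, allow_long_keyid=True):
    """True only for identifiers that cannot be trivially collided."""
    _algo, ident = parse_signing_key_id(signing_key_id)
    kind = classify(ident)
    return kind == "fingerprint" or (kind == "long" and allow_long_keyid)


def apt_key_recv_argv(keyserver, signing_key_id, allow_long_keyid=True):
    """Build the apt-key argv the way aptdaemon does, but refuse short ids."""
    if not is_safe_key_id(signing_key_id, allow_long_keyid):
        raise ValueError("refusing to fetch key by identifier %r" % signing_key_id)
    _algo, ident = parse_signing_key_id(signing_key_id)
    return ["/usr/bin/apt-key", "adv", "--keyserver", keyserver, "--recv", ident]


# Constructed sample values (not taken from the bug report):
SAMPLE_FINGERPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_KEYSERVER = "keyserver.example.org"

if __name__ == "__main__":
    long_id, short_id = key_ids_from_fingerprint(SAMPLE_FINGERPRINT)
    print("long key id:", long_id, "short key id:", short_id)
    for value in ("1024r/" + short_id, "1024r/" + long_id, SAMPLE_FINGERPRINT):
        try:
            print(apt_key_recv_argv(SAMPLE_KEYSERVER, value))
        except ValueError as err:
            print(err)
```

The `allow_long_keyid` switch exists because the bug asks for the long id as the minimum but names the full fingerprint as the goal; a deployment that can always obtain fingerprints should set it to `False` so that only the 40-digit form reaches `apt-key`.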