opiepasswd does not always generate valid seeds

Bug #569292 reported by Chris Cowan on 2010-04-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
opie (Ubuntu)
Medium
Marc Deslauriers
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Medium
Marc Deslauriers

Bug Description

After installing the opie-client, opie-server, and libopie-pam packages, and making the apparently needed edits to /etc/ssh/sshd_config and /etc/pam.d/ssh, I go on to set it up for my user.

chris@cowan-laptop:~$ opiepasswd
Adding chris:
You need the response from an OTP generator.
New secret pass phrase:
 otp-md5 499 co5482
 Response: YEA ORE GIRL GLIB MOS BOIL

ID chris OTP key is 499 co5482
YEA ORE GIRL GLIB MOS BOIL

I test it, and it works fine for ssh. Great! But I used a lame passphrase, and figure I want to change to a stronger one.

chris@cowan-laptop:~$ opiepasswd
Updating chris:
You need the response from an OTP generator.
Old secret pass phrase:
 otp-md5 497 co5482 ext
 Response: CRUD TEAM COL WENT WAKE LEA
New secret pass phrase:
 otp-md5 499 co54
 Response:

Er, that seed doesn't look very good or original. And it doesn't work for opiekey/otp-md5:

chris@cowan-laptop:~$ otp-md5 499 co54
Using the MD5 algorithm to compute response.
Seeds must be greater than 5 characters long.

Trying to change my opie password again has the same thing happen. I have to use the -s option to set a longer seed manually to fix this.

I've repeated this process several times (running "opiepasswd" after setting a new one), and the new seed is always the old one truncated (co, co1, co14, etc), or sometimes it even seems to fail at truncating the old seed, and tries to reuse the old seed, causing it to give an error:

chris@cowan-laptop:~$ opiepasswd
Updating chris:
You must use a different seed for the new OTP sequence.

Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue.

What version of Ubuntu are you running? What version of the opie-server package are you using?

Changed in opie (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Chuck Short (zulcss) on 2010-04-26
Changed in opie (Ubuntu):
status: New → Incomplete
Chris Cowan (agentme49) wrote :

I'm on Ubuntu 9.10 64-bit, and I had the 2.40~dfsg-0ubuntu1 version of opie-server.

Marc Deslauriers (mdeslaur) wrote :

I can confirm this issue on both karmic and lucid:

Updating mdeslaur:
You need the response from an OTP generator.
Old secret pass phrase:
 otp-md5 498 md5592 ext
 Response: DOLL SING OWE RISK HATH LADY
New secret pass phrase:
 otp-md5 499 md55
 Response:
Error reading response.

Changed in opie (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Medium
Marc Deslauriers (mdeslaur) wrote :
Changed in opie (Ubuntu Karmic):
status: New → Confirmed
Changed in opie (Ubuntu Lucid):
status: New → Confirmed
Changed in opie (Ubuntu Jaunty):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote :

I have uploaded fixed packages for karmic to my PPA here:

https://launchpad.net/~mdeslaur/+archive/testing

Could you please test these packages and report here if they worked for you. If they work, I'll arrange for an SRU update to fix this issue.

Thanks.

Changed in opie (Ubuntu Karmic):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opie - 2.40~dfsg-0ubuntu2

---------------
opie (2.40~dfsg-0ubuntu2) maverick; urgency=low

  * SECURITY UPDATE: denial of service via off-by-one
    - libopie/readrec.c: use strncpy so we don't overflow principal.
    - http://security.freebsd.org/patches/SA-10:05/opie.patch
    - CVE-2010-1938
  * libopie/newseed.c: fix snprintf's length argument so opiepasswd will
    generate valid seeds. (LP: #569292)
 -- Marc Deslauriers <email address hidden> Thu, 17 Jun 2010 10:30:54 -0400

Changed in opie (Ubuntu Maverick):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opie - 2.40~dfsg-0ubuntu1.10.04.1

---------------
opie (2.40~dfsg-0ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    off-by-one
    - libopie/readrec.c: use strncpy so we don't overflow principal.
    - http://security.freebsd.org/patches/SA-10:05/opie.patch
    - CVE-2010-1938
  * libopie/newseed.c: fix snprintf's length argument so opiepasswd will
    generate valid seeds. (LP: #569292)
 -- Marc Deslauriers <email address hidden> Tue, 08 Jun 2010 11:19:07 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opie - 2.40~dfsg-0ubuntu1.9.10.1

---------------
opie (2.40~dfsg-0ubuntu1.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    off-by-one
    - libopie/readrec.c: use strncpy so we don't overflow principal.
    - http://security.freebsd.org/patches/SA-10:05/opie.patch
    - CVE-2010-1938
  * libopie/newseed.c: fix snprintf's length argument so opiepasswd will
    generate valid seeds. (LP: #569292)
 -- Marc Deslauriers <email address hidden> Tue, 08 Jun 2010 11:19:07 -0400

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opie - 2.40~dfsg-0ubuntu1.9.04.1

---------------
opie (2.40~dfsg-0ubuntu1.9.04.1) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    off-by-one
    - libopie/readrec.c: use strncpy so we don't overflow principal.
    - http://security.freebsd.org/patches/SA-10:05/opie.patch
    - CVE-2010-1938
  * libopie/newseed.c: fix snprintf's length argument so opiepasswd will
    generate valid seeds. (LP: #569292)
 -- Marc Deslauriers <email address hidden> Tue, 08 Jun 2010 11:19:07 -0400

Changed in opie (Ubuntu Jaunty):
status: Confirmed → Fix Released
Changed in opie (Ubuntu Karmic):
status: Incomplete → Fix Released
Changed in opie (Ubuntu Lucid):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers