Package: dpkg
Version: 1.13.25
Severity: critical

Note: reported against the current version of dpkg,
but applies equally to all versions up to the present
time.

MD5 checksums are not secure.  A recently discovered
mathematical technique allows *ANY* document containing a
few attacker-chosen "random" blocks to have any chosen MD5
checksum. The paper is titled "Vulnerability of software
integrity and code signing applications to chosen-prefix
collisions for MD5" by Arjen Lenstra and Benne de Weger,
Bell Laboratories.  Full text is available online.[1]

In particular, it is now computationally feasible for
a single attacker with a desktop machine to modify any
executable of his or her choosing to have any desired
MD5 checksum.

Exploitation of this flaw would allow an attacker to
substitute arbitrary code for any legitimate Debian package
using a "man in the middle" attack undetected whenever a
user is installing new software, or to put up a Debian
mirror site or repository containing arbitrary code
disguised as legitimate Debian software and having the same
checksums.

                Ray Dillinger



[1] http://www.win.tue.nl/hashclash/SoftIntCodeSign/
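
Added example, not part of the original report and not dpkg or apt code: a defender-side check that verifies downloaded package bytes against every digest listed in a Packages-index style stanza and flags entries that offer nothing stronger than MD5sum. The stanza layout (Size, MD5sum, SHA1, SHA256 fields) is assumed, and the package name and file bytes are constructed for the demo.

```python
import hashlib

# Digest fields of a Packages-index stanza, strongest first.
DIGEST_FIELDS = [("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5")]

def parse_stanza(text):
    """Parse one 'Field: value' stanza into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line and not line[0].isspace():
            name, value = line.split(":", 1)
            fields[name] = value.strip()
    return fields

def verify_package(stanza, data):
    """Return (ok, field, md5_only).

    ok       -- True only if Size and every listed digest match data
    field    -- strongest digest field on success, first failing field otherwise
    md5_only -- True when the stanza offers nothing stronger than MD5sum
    """
    fields = parse_stanza(stanza)
    present = [(f, a) for f, a in DIGEST_FIELDS if f in fields]
    md5_only = [f for f, _ in present] == ["MD5sum"]
    if not present:
        return (False, None, False)
    if "Size" in fields and int(fields["Size"]) != len(data):
        return (False, "Size", md5_only)
    for field, algo in present:
        if hashlib.new(algo, data).hexdigest() != fields[field].lower():
            return (False, field, md5_only)
    return (True, present[0][0], md5_only)

def make_stanza(data, digests):
    """Build a constructed stanza for the demo ('examplepkg' is made up)."""
    lines = ["Package: examplepkg", "Size: %d" % len(data)]
    for field, algo in DIGEST_FIELDS:
        if field in digests:
            lines.append("%s: %s" % (field, hashlib.new(algo, data).hexdigest()))
    return "\n".join(lines)

SAMPLE = b"constructed stand-in for the bytes of a .deb file\n"  # not a real package
TAMPERED = SAMPLE.replace(b"stand-in", b"stand-up")               # same length

if __name__ == "__main__":
    for digests in (("MD5sum", "SHA256"), ("MD5sum",)):
        stanza = make_stanza(SAMPLE, digests)
        print(digests, verify_package(stanza, SAMPLE), verify_package(stanza, TAMPERED))
```

A True md5_only flag on an otherwise passing entry means the integrity of that package rests on MD5 alone.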


