CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation

Full title CryptWare CryptoPro Secure Disk For Bitlocker 5.1.0.6474 Manipulation
Date add 01-09-2016
Category local exploits
Platform windows
Risk
Security Risk High

Description:
CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.

=======================================================================
              title: Manipulation of pre-boot authentication
            product: CryptWare CryptoPro Secure Disk for Bitlocker
 vulnerable version: 5.1.0.6474
      fixed version: 5.2.1
         CVE number: -
             impact: critical
           homepage: http://www.cryptware.eu
              found: 2016-06-30
                 by: R. Freingruber (Office Vienna)
                     M. von Dach (Office Zurich)
                     SEC Consult Vulnerability Lab
                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Montreal - Moscow
                     Singapore - Vienna (HQ) - Vilnius - Zurich
                     https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"CryptoPro Secure Disk for BitLocker enhances the functionality of
Microsoft BitLocker to have an own PreBoot Authentification (PBA)
and enables BitLocker to use established and existing authentication
methods like UID/Password and Smartcard/PIN. The encryption
of the hard disk, as well as the recovery mechanism are realized with
Microsoft BitLocker while the user Authentication and Help-Desk
mechanism are handled by CryptoPro Secure Disk for Bitlocker.
This ideal combination of both technologies allows customers to
establish an ease of use and cost effective solution, even without
have to use TPM authentication and administration. Our centralized
encryption management with different roles of administration and
multi-client-capability delivers new opportunities for customers and
third party service providers."
Source:
Business recommendation:
------------------------
By using the vulnerabilities documented in this advisory an attacker
can attack the boot process and backdoor the system to steal
login credentials, the private 802.1x certificate and the associated
password.
SEC Consult recommends not to use this software until a thorough security
review has been performed by security professionals and all identified
issues have been resolved.
Vulnerability overview/description:
-----------------------------------
1) Terminal access not blocked at login mask
After installing CryptoPro Secure Disk an additional partition (ext3) is
added to the system. This partition contains a small linux operating system
and gets directly started after booting the system (before bitlocker code
gets executed). Via an init script the login application is started.
An attacker can use a keyboard shortcut to open the first terminal.
This spawns an invisible root shell for the attacker (commands can be
executed, however, the output is not directly visible).
The other terminals (terminal two to six) are blocked via commands
inside the /etc/inittab file. The associated line for terminal one is
uncommented and therefore not active.
2) Inadequate software manipulation verification
After starting the system the following application gets started:
/usr/SUPERSHEEP/bin/app_launcher -a ./ss_gui
The app_launcher application carries out checks and finally
starts the graphical user interface with the login mask (ss_gui).
These checks first verify the hashsum of the file
/usr/SUPERSHEEP/bin/verify_checksums.sh
and afterwards execute the script. The script calculates the hashsum
of nearly all files on the system and compares them with a preconfigured
list (which is stored inside an encrypted block special file).
If the hash of the script is wrong or the script reports invalid hashes,
the boot process is stopped and an error is displayed to the user.
The script contains a design / logical error which allows an attacker
to bypass the hash verification. By exploiting this flaw an attacker
can modify all files on the system (e.g. add a backdoor).
Proof of concept:
-----------------
1) Terminal access not blocked at login mask
An attacker can use the keyboard shortcut ctrl+alt+f1 to open an
invisible root shell. A simple proof-of-concept is to type the
command "reboot". This results in a beep-sound and a reboot of the
system.
Another proof-of-concept is that an attacker connects the victim
system with a DHCP server to assign an IP address and then start the
following command:
/usr/bin/netcat -lvvp 8197 -e /bin/sh
This command must be typed with a german keyboard layout. It
binds a root shell to the port 8197. Afterwards the attacker can
connect to port 8197 to issue commands and receive the output of it.
2) Inadequate software manipulation verification
The script /usr/SUPERSHEEP/bin/verify_checksums.sh
executes the following command to calculate the number of files with
invalid hashes:
/tmp/sha256sum -c $CS_FILE > $CS_FILE.out
Later the wc (word count) utility is used to count the number of
errors. This is done by the following code:
NUM_FAILED=`wc -l $CS_FILE.error | cut -d " " -f 1`
The script uses the wc program and expects that wc was not
modified and the output of it is correct. However, an attacker
can modify it to always return zero which means that zero errors
where found.
The problem is that the script verify_checksums.sh verifies the
hashsum of the wc utility but during verification it already uses
this utilitiy for this verification check.
For a proof-of-concept the wc file was replaced with the following content:
#!/bin/sh
echo a0 xa
exit 0
After that all scripts and binaries can be modified.
For example, the following script from CryptoPro Secure Disk can be used to
backdoor the system to save private keys (802.1x) together with the
associated password:
/usr/SUPERSHEEP/extract_certificates.sh
Vulnerable / tested versions:
-----------------------------
The version 5.1.0.6474 was found to be vulnerable which was the latest version
at the time of discovery.
Vendor contact timeline:
------------------------
2016-08-01: Contacting vendor through support@cryptware.eu
2016-08-02: CryptWare was able to reproduce the vulnerabilities
2016-08-10: Release of CryptoPro Secure Disk 5.2.1 which
            according to the vendor fixes the vulnerabilities.
2016-08-31: Coordinated release of security advisory
Solution:
---------
Upgrade to CryptoPro Secure Disk 5.2.1. The patch is provided
by the vendor directly.
#  0day.today [2016-09-01]  #
Publicités

Auteur : titux

Mais encore

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s