Audit-Report RNP & Thunderbird Integration 08.2020 (tracking)
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(thunderbird_esr78 unaffected)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr78 | --- | unaffected |
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: meta, sec-other)
Attachments
(1 file)
|
377.66 KB,
application/pdf
|
Details |
Identified Vulnerabilities:
- RNP-01-001 WP1 RNP: Integer overflow due to expiration time of PGP v3 keys (Low) - bug 1671737
- RNP-01-004 WP1 RNP: Potential Integer underflow in partial_dst_write() (Low) - bug 1671738
- RNP-01-005 WP1 RNP: Literal packet parsing allows for Integer underflow (Low) - bug 1671758
- RNP-01-006 WP2 Thunderbird: Evaluation of password strength insufficient (Low) - bug 1671759
- RNP-01-007 WP1 RNP: encrypt_secret_key() does not wipe keybuf from memory (Low) - bug 1673236
- RNP-01-012 WP1 Thunderbird: Logic issue potentially leaves key material unlocked (Medium) - bug 1673239
- RNP-01-014 WP1 Thunderbird: Key manipulation via uncertified Auto-Import (Medium) - bug 1673240
Miscellaneous Issues:
- RNP-01-002 WP3 Thunderbird: Automatic handling of autocrypt-gossip header (Info)
- RNP-01-003 WP3 Thunderbird: Possible race condition when reading from disk (Info)
- RNP-01-008 WP3 Thunderbird: Partially unencrypted email insufficiently detected (Low) - bug 1673241
- RNP-01-009 WP1 RNP: mem_dest_own_memory() callers do not check for NULL (Info)
- RNP-01-010 WP1 Thunderbird: Outdated and vulnerable Botan library version (Info)
- RNP-01-011 WP1 RNP: Potential overflow in librepgp due to invalid size check (Low) - bug 1673242
- RNP-01-013 WP2 Thunderbird: Forbidden cipher-suites/algorithms recommendations (Info)
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 1•4 years ago
|
||
I believe all non-Info findings in Attachment 9182160 [details] now have bug reports, can be prioritized, and given sec-xxxx ratings. "Thunderbird:" and "RNP:" in bug summary indicates responsibility of the respective organizations.
Bugs will also be created for Info findings unless someone decides otherwise.
All items are considered confidential until the report is publicly released, or as individual items are made public.
|
||
Comment 2•4 years ago
|
||
AFAIK, assigning security ratings for Thunderbird is Kaie's decision. But feel free to ping if you want help/input!
|
|
Reporter | |
Updated•4 years ago
|
|
|
Reporter | |
Comment 3•4 years ago
|
||
Kaie, these cover your comments from August 24, 2020 email ...
(In reply to Wayne Mery (:wsmwk) from comment #0)
Created attachment 9182160 [details]
cure53 RNP-01-report.pdfIdentified Vulnerabilities:
- RNP-01-001 WP1 RNP: Integer overflow due to expiration time of PGP v3 keys (Low) - bug 1671737
- RNP-01-004 WP1 RNP: Potential Integer underflow in partial_dst_write() (Low) - bug 1671738
- RNP-01-005 WP1 RNP: Literal packet parsing allows for Integer underflow (Low) - bug 1671758
- RNP-01-006 WP2 Thunderbird: Evaluation of password strength insufficient (Low) - bug 1671759
- RNP-01-007 WP1 RNP: encrypt_secret_key() does not wipe keybuf from memory (Low) - bug 1673236
- RNP-01-012 WP1 Thunderbird: Logic issue potentially leaves key material unlocked (Medium) - bug 1673239
- RNP-01-014 WP1 Thunderbird: Key manipulation via uncertified Auto-Import (Medium) - bug 1673240
Miscellaneous Issues:
- RNP-01-002 WP3 Thunderbird: Automatic handling of autocrypt-gossip header (Info)
Kaie's comment "immediate response already done by disabling by bug 1659504 TODO: code reminder/comment for future work on this feature"
- RNP-01-003 WP3 Thunderbird: Possible race condition when reading from disk (Info)
Kaie, you'll need a bug for "should change code to use in memory buffer, not temporary file"
- RNP-01-008 WP3 Thunderbird: Partially unencrypted email insufficiently detected (Low) - bug 1673241
- RNP-01-009 WP1 RNP: mem_dest_own_memory() callers do not check for NULL (Info)
"not used by TB"
- RNP-01-010 WP1 Thunderbird: Outdated and vulnerable Botan library version (Info)
"update underlying Botan library. need plan/procedure to ensure we update Botan when appropriate"
- RNP-01-011 WP1 RNP: Potential overflow in librepgp due to invalid size check (Low) - bug 1673242
- RNP-01-013 WP2 Thunderbird: Forbidden cipher-suites/algorithms recommendations (Info)
Your email indicates this is fixed by fixed by Bug 1641720 - Need an OpenPGP crypto policy, only show security indicators for mechanisms that are on the allowlist
I believe this update covers all the "info" findings. If correct, then just one new bug needs to be created.
|
||
Updated•4 years ago
|
|
|
||
Comment 4•4 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #3)
- RNP-01-003 WP3 Thunderbird: Possible race condition when reading from disk (Info)
Kaie, you'll need a bug for "should change code to use in memory buffer, not temporary file"
yes, filed as bug 1692899
- RNP-01-013 WP2 Thunderbird: Forbidden cipher-suites/algorithms recommendations (Info)
Your email indicates this is fixed by fixed by Bug 1641720 - Need an OpenPGP crypto policy, only show security indicators for mechanisms that are on the allowlist
No. That bug was used to only apply a bandaid for the most problematic detail, and the one that was easiest to fix.
The underlying issue is much more complex, and is now tracked in bug 1662581
and https://github.com/rnpgp/rnp/issues/1281
However, I wouldn't track that bug as a dependency of the audit. The audit didn't uncover it as an issue. It was already known as a TODO.
|
|
||
Updated•4 years ago
|
|
|
||
Comment 5•3 years ago
|
||
Are we ready to publish the cure53 audit and open up all the bugs?
|
|
||
Comment 6•3 years ago
|
||
We have addressed all the reported issues, and have uplifted all of them to the stable 78.x release branch.
Marking fixed.
|
|
Reporter | |
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
Reporter | |
Updated•7 months ago
|
Description
•