HomeCryptography
August 22, 2011, 9:45AM

Serious Crypto Bug Found in PHP 5.3.7

The maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved.

PHP 5.3.7 was just released last week and that version contained fixes for a slew of security vulnerabilities. But now a serious flaw has been found in that new release that is related to the way that one of the cryptographic functions handles inputs. In some cases, when the crypt() function is called using MD5 salts, the function will return only the salt value instead of the salted hash value.

The problem does not occur when using Blowfish or DES, only with MD5. The initial bug report on the problem in the PHP system appeared Aug. 17, the day before the public stable release of PHP 5.3.7.

Editor's Pick

Threatpost Newsletter Sign-up

"If crypt() is executed with MD5 salts, the return value conists of the salt only. DES and BLOWFISH salts work as expected. I tested with php from openSUSE PHP5 repository," the report said. Several other users reproduce the problem on various other platforms.

The PHP Group, which maintains the scripting language, said in a bug report on the crypt () problem that it has fixed the issue in an intermediate build and plans to release a new stable version of PHP in the next few days.

PHP is one of the more widely used scripting languages and is also a frequent attack vector for Web-based attacks, as are other popular scripting languages. Because of its popularity, PHP vulnerabilities and attacks can be quite serious and potentially affect millions of users. However, because PHP 5.3.7 is only a few days old, it's likely that many users have not yet upgraded.

The PHP Group released PHP 5.3.7 on August 18 and the new version had fixes for quite a few bugs, including six security problems. One of the issues that 5.3.7 fixed was a problem with the crypt() function, but it was a separate bug from the current problem with salts.

Commenting on this Article is closed.

Comments

Submitted by Juan F. Campos (not verified) on Mon, 08/22/2011 - 6:59pm.

This bug has been fixed already as of (Aug 20). See https://bugs.php.net/bug.php?id=55439
Main problem was if an aplication stores its hashes in a database and use them as authentication then:
$valid = crypt($pw, $crypt);
will always be TRUE regardless of $pw
For all this, PHP Team said it is fixed in SVN and recomending to wait (upgrade) till 5.3.8 which should be ready very soon!

Submitted by Juan F. Campos (not verified) on Mon, 08/22/2011 - 7:03pm.

Also this bug is present only if you use MD5 salt (DES and BLOWFISH salts work as expected).

NOTE: md5 is the default encryption type

regards,

Juan

Submitted by Anonymous (not verified) on Mon, 08/22/2011 - 8:09pm.

Re: Juan

MD5 is not an encryption type, it is a cryptographic hash

Submitted by Anonymous (not verified) on Mon, 08/22/2011 - 11:44pm.

@anonymous: anus

Submitted by Dave (not verified) on Tue, 08/23/2011 - 2:50am.

Great, we just deployed a huge solution with this bug present. 

Fucking morons.

Submitted by Anonymous (not verified) on Tue, 08/23/2011 - 3:15am.

Dave you're a fucking moron for deploying 1 day old software.

Submitted by Anonymous (not verified) on Tue, 08/23/2011 - 3:16am.

You deployed a huge solution on a very new version of PHP? You sir, are the moron.

Submitted by Anonymous (not verified) on Tue, 08/23/2011 - 3:40am.

It's not a major release. Not even a minor release. It's a patch release, so yes, many would update as soon as possible for bugfixes and security.

Submitted by Anonymous (not verified) on Tue, 08/23/2011 - 3:49am.

No one instantly patches without deploying to a test server and making sure there are no issues, that should take a day or so to make sure. Also providing time for any show stopping bugs to be found.

Ergo, stil a moron.

Submitted by Anonymous (not verified) on Tue, 08/23/2011 - 11:12am.

Dave is just being a troll.  I bet he doesn't even work on shipping software products.

Submitted by Mikko Rantalainen (not verified) on Tue, 08/30/2011 - 5:36am.

The interesting question is not whether this is a serious problem or not (it is). The real question is HOW THE HELL DID THIS HAPPEN?

Some facts to consider:

  1. PHP developers (hopefully) do some kind of code review before accepting patches into official version. A patch that modifies crypt() should be inspected very carefully. A patch that even touches the file containing the crypt() implementation should be ignored automatically if the patch is not about fixing a specific security issue from the start.
  2. The PHP source release includes automated unit testing and if anybody had run the test suite before the release, this would have shown up as a failed test.

The root issue is more about development workflow than about code quality.

Submitted by Anonymous (not verified) on Fri, 11/18/2011 - 5:55am.

If you had unit testing deployed correctly, for a large solution, this would have been picked up

 

Copyright © 2012 threatpost.com | Terms of Service | Privacy