RE: [ebxml-msg] Conformance profiles for ebMS V3: need an update?

Regardless of which MEP is used, the sending of an eb:Receipt message must be supported:

For the One-way / Push, both “response” and “callback” reply patterns must be supported.
For the One-way / Pull, the “callback” pattern is the only viable option, and the User message sender MUST be ready to accept an eb:Receipt either piggybacked on a PullRequest, or sent separately. The User message receiver MUST be able to send an eb:Receipt separately from the PullRequest.
For the Two-way / Sync, both “response” and “callback” reply patterns must be supported for the first leg. The “callback” pattern is the only viable option for the second leg. The reply sender MUST be ready to accept an eb:Receipt either piggybacked on another User message, or sent separately. The reply receiver MUST be able to send an eb:Receipt separately.

Use of the ebbpsig:NonRepudiationInformation element (as defined in [ebBP-SIG] MUST be supported as content for the eb:Receipt message.

FYI

> -----Ursprüngliche Nachricht-----

> Von: brad@isecpartners.com [mailto:brad@isecpartners.com]

> Gesendet: Donnerstag, 12. Juli 2007 22:35

> An: bugtraq@securityfocus.com

> Betreff: Whitepaper: Command Injection in XML Digital

> Signatures and Encryption

> iSEC Partners and Brad Hill are pleased to announce the

> availability of a new whitepaper describing design flaws and

> new attacks against the XML Digital Signature and XML

> Encryption standards. It accompanies recent advisories and

> provides detailed guidance for auditors and implementers of

> these products.

> Full Paper Available at:

> ------------------------

http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf

Abstract:

---------

The XML Digital Signature (XMLDSIG) and XML Encryption (XMLENC) standards are complex protocols for securing XML and other content. Among its complexities, the XMLDSIG standard specifies various “Transform” algorithms to identify, manipulate and canonicalize signed content and key material. Unfortunately, the defined transforms have not been rigorously constrained to prevent their use as attack vectors, and denial of service or even arbitrary code execution are probable in implementations that have not specifically guarded against such risks.

Attacks against the processing application can be embedded in the KeyInfo portion of a signature, making them inherently unauthenticated, or in the SignedInfo block. Although tampering with the SignedInfo should be detectable, a defective implied order of operations in the specification may still allow unauthenticated attacks here.

The ability to execute arbitrary code and perform file system operations with a malicious, invalid signature has been confirmed by the researcher in at least two independent XMLDSIG implementations, and other implementations may be similarly vulnerable. This paper describes the vulnerabilities in detail and offers advice for remediation. The most damaging attack is also likely to apply in other contexts where XSLT is accepted as input, and should be considered by all implementers of complex XML processing systems.

About iSEC Partners:

--------------------

iSEC Partners is a full-service security consulting firm that provides

penetration testing, secure systems development, security education

and software design verification.

115 Sansome Street, Suite 1005

San Francisco, CA 94104

Phone: (415) 217-0052

--
Mit freundlichen Grüßen / Best Regards,
Michael Häusler
__________________________________________________________________
Ponton Consulting GmbH voice: + 49.40.69213-340
http://www.ponton-consulting.de/ fax: + 49.40.69213-355
Dorotheenstraße 60
D-22301 Hamburg
__________________________________________________________________

HRB 81480, AG Hamburg, Managing Director: Dr. Michael Merz
Ponton Consulting is a Member of C1 Group (www.c1-group.com)
__________________________________________________________________

ebxml-msg message