Bug 1238238

Summary: openssh: weakness of agent locking (ssh-add -x) to password guessing
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: carnil, huzaifas, jjelen, mattias.ellert, mgrepl, plautrba, security-response-team, szidek, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: OpenSSH 6.9 Doc Type: Bug Fix
Doc Text:
It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-11 08:09:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1238241, 1247864, 1281468    
Bug Blocks: 1252864    

Description Vasyl Kaigorodov 2015-07-01 12:55:56 UTC 
OpenSSH version 6.9 fix weakness of agent locking (ssh-add -x) to password guessing by implementing an increasing failure delay, storing a salted hash of the password rather than the password itself and using a timing-safe comparison function for verifying unlock attempts. This problem was reported by Ryan Castellucci.
Upstream patch: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=9173d0fbe44de7ebcad8a15618e13a8b8d78902e

External References:

http://www.openssh.com/txt/release-6.9
Comment 1 Vasyl Kaigorodov 2015-07-01 12:59:26 UTC 
Created openssh tracking bugs for this issue:

Affects: fedora-all [bug 1238241]
Comment 2 Martin Prpič 2015-07-02 12:20:57 UTC 
Per http://openwall.com/lists/oss-security/2015/07/01/10 , MITRE did not assign a CVE to this issue:

"Our current thought is that a CVE ID may not be needed because attacks against ssh-agent locking don't cross a privilege boundary. In other words, the changelog entry could be interpreted to mean addition of a new security feature related to a threat model that wasn't in the previous design goals (e.g., password guessing by malware running under the same account)."
Comment 3 Fedora Update System 2015-07-10 19:09:15 UTC 
openssh-6.6.1p1-13.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2015-07-10 19:18:17 UTC 
openssh-6.9p1-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 errata-xmlrpc 2015-11-19 08:03:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2088 https://rhn.redhat.com/errata/RHSA-2015-2088.html