Bug 1305971 (CVE-2016-0739)
| Field | Value |
|---|---|
| Summary | CVE-2016-0739 libssh: bits/bytes confusion resulting in truncated Diffie-Hellman secret length |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Kurt Seifried <kseifried> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | asn, kseifried, meissner, security-response-team, slawomir, stefw |
| Target Milestone | --- |
| Target Release | --- |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Fixed In Version | libssh 0.7.3 |
| Doc Type | Bug Fix |
| Doc Text | A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. |
| Story Points | --- |
| Last Closed | 2016-04-01 04:05:07 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1310046, 1310047, 1311259, 1311260, 1311276, 1311277 |
| Bug Blocks | 1305973 |
Description
Kurt Seifried
2016-02-09 17:23:43 UTC
Created attachment 1122470 [details]
libssh-CVE-2016-0739.patch
The embargo is currently set for Feb 23rd, 2016 14:00 CET.

Created attachment 1128493 [details]
CVE-2016-0739 advisory text

Created attachment 1129246 [details]
Patch

The same patch as attached in comment 1, but with correct white spaces / indent.

Tomas, thanks. That patch applies well. I'm unsure how one would verify that the patch applied, but I see this in the build log:

    + echo 'Patch #1 (libssh-CVE-2016-0739.patch):'
    Patch #1 (libssh-CVE-2016-0739.patch):
    + /usr/bin/cat /builddir/build/SOURCES/libssh-CVE-2016-0739.patch
    + /usr/bin/patch -p1 --fuzz=0
    patching file src/dh.c

And I have checked that the patch file starts with:

    From dc2eaa017fe77e53bd9f1d4327a480d9bfe6cc6a Mon Sep 17 00:00:00 2001
    From: Aris Adamantiadis <aris>
    Date: Tue, 9 Feb 2016 15:09:27 +0100
    Subject: [PATCH] dh: fix CVE-2016-0739

    Due to a byte/bit confusion, the DH secret was too short. This file was
    completely reworked and will be commited in a future version.
    ---

The only way to verify this is to build libssh with:

    cmake -DWITH_DEBUG_CRYPTO=ON

Then do an RSA connection using the libssh example client ./examples/samplessh. It will print x (the random secret bignum) on the command line.

Fixed upstream in version 0.7.3:

https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/

Created libssh tracking bugs for this issue:

Affects: fedora-all [bug 1311259]
Affects: epel-all [bug 1311260]

External Reference:

https://www.libssh.org/security/advisories/CVE-2016-0739.txt

Upstream commit:

https://git.libssh.org/projects/libssh.git/commit/?id=4e6ff36a9a3aef72aa214f6fb267c28953b80060

Created libssh tracking bugs for this issue:

Affects: fedora-all [bug 1311276]
Affects: epel-all [bug 1311277]

Acknowledgments:

Name: Aris Adamantiadis

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7 Extras

Via RHSA-2016:0566 https://rhn.redhat.com/errata/RHSA-2016-0566.html
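An added example, not part of this bug report or of libssh: a Python check for the verification step described in the comments above, which takes the hex value of x copied from the debug output and classifies its bit length against the group size. The function names, the 64-bit slack and the sample values are assumptions made for illustration; the format of the surrounding debug line is not assumed.

```python
import re

# Modulus sizes in bits for the two affected key exchange methods.
GROUP_BITS = {
    "diffie-hellman-group1-sha1": 1024,
    "diffie-hellman-group14-sha1": 2048,
}
# Assumption: leading zero bits tolerated in a random full-size secret.
SLACK_BITS = 64


def secret_bits(hex_x: str) -> int:
    """Bit length of x given as hex; tolerates 0x, colons, spaces, newlines."""
    digits = re.sub(r"[\s:]", "", hex_x)
    if digits.lower().startswith("0x"):
        digits = digits[2:]
    if not digits or re.search(r"[^0-9a-fA-F]", digits):
        raise ValueError("not a hex value")
    return int(digits, 16).bit_length()


def classify(hex_x: str, kex: str) -> str:
    """Return 'truncated', 'full' or 'unexpected' for one printed secret."""
    group_bits = GROUP_BITS[kex]
    bits = secret_bits(hex_x)
    # A byte count used as a bit count yields at most group_bits / 8 bits.
    if bits <= group_bits // 8:
        return "truncated"
    if bits >= group_bits - SLACK_BITS:
        return "full"
    # Neither pattern: inspect the build by hand.
    return "unexpected"


# Constructed sample values, not captured from a real session.
SHORT_X = "9f" + "3c" * 15      # 16 bytes  -> 128 bits
FULL_X_G1 = "b7" + "5a" * 127   # 128 bytes -> 1024 bits
FULL_X_G14 = "c1" + "e4" * 255  # 256 bytes -> 2048 bits

if __name__ == "__main__":
    samples = [
        ("diffie-hellman-group1-sha1", SHORT_X),
        ("diffie-hellman-group1-sha1", FULL_X_G1),
        ("diffie-hellman-group14-sha1", FULL_X_G14),
    ]
    for kex, x in samples:
        print(f"{kex}: x is {secret_bits(x)} bits -> {classify(x, kex)}")
```

A result of "truncated" means the printed secret is no longer than the group size in bytes read as a bit count, which is the pattern the bug summary describes.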