Bug 1298032 (CVE-2016-0777) - CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature
Summary: CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connecti...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-0777
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1298217 1298218 1298626 1298817 1298818
Blocks: 1298034
TreeView+ depends on / blocked
 
Reported: 2016-01-13 03:41 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-09-29 13:42 UTC (History)
16 users (show)

Fixed In Version: openssh 7.1p2
Doc Type: Bug Fix
Doc Text:
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.
Clone Of:
Environment:
Last Closed: 2016-01-14 20:54:54 UTC


Attachments (Terms of Use)
Upstream patch (1.41 KB, patch)
2016-01-14 07:14 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0043 normal SHIPPED_LIVE Moderate: openssh security update 2016-01-15 01:20:12 UTC
Red Hat Knowledge Base (Article) 2123781 None None None 2016-01-15 06:40:25 UTC
Red Hat Knowledge Base (Solution) 2126451 None None None 2016-01-15 06:40:50 UTC

Description Huzaifa S. Sidhpurwala 2016-01-13 03:41:49 UTC
The OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session.

This roaming feature on OpenSSH clients contain a security flaw which allows a malicious SSH server to steal the client's private keys.

Comment 1 Huzaifa S. Sidhpurwala 2016-01-13 03:45:28 UTC
Mitigation:

1. The vulnerable roaming code can be permanently disabled by adding the
undocumented option "UseRoaming no" to the system-wide configuration
file (usually /etc/ssh/ssh_config), or per-user configuration file
(~/.ssh/config), or command-line (-o "UseRoaming no").

2. If an OpenSSH client is disconnected from an SSH server that offers
roaming, it prints "[connection suspended, press return to resume]" on
stderr, and waits for '\n' or '\r' on stdin (and not on the controlling
terminal) before it reconnects to the server; advanced users may become
suspicious and press Control-C or Control-Z instead, thus avoiding the
information leak.

However, SSH commands that use the local stdin to transfer data to the
remote server are bound to trigger this reconnection automatically (upon
reading a '\n' or '\r' from stdin). Moreover, these non-interactive SSH
commands (for example, backup scripts and cron jobs) commonly employ
public-key authentication and are therefore perfect targets for this
information leak.

Comment 4 Huzaifa S. Sidhpurwala 2016-01-13 10:33:12 UTC
The "roaming" feature of OpenSSH clients was introduced in OpenSSH-5.4. Therefore Red Hat Enterprise Linux 4, 5, and 6 are not affected by this flaw.

OpenSSH-6.6 is vulnerable to this issue but only when used with "ProxyCommands" not in a default configuration, therefore the version of OpenSSH shipped with Red Hat Enterprise Linux 7 is affected by this flaw.

Also Red Hat Enterprise Linux 4, 5, 6 and 7 does not enable this "roaming" feature on the server side.


Statement:

This issue does not affect the version OpenSSH as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the version of OpenSSH as shipped with Red Hat Enterprise Linux 7 in a non-default configuration. For more information please refer to https://access.redhat.com/articles/2123781

Comment 7 Tomas Hoger 2016-01-14 07:14:16 UTC
Created attachment 1114690 [details]
Upstream patch

This is the fix that is expected to be published by upstream later today.  It disabled the roaming feature.

Comment 9 Martin Prpič 2016-01-14 12:05:01 UTC
Acknowledgements:

Red Hat would like to thank Qualys for reporting this issue.

Comment 11 Martin Prpič 2016-01-14 15:19:35 UTC
Created openssh tracking bugs for this issue:

Affects: fedora-all [bug 1298626]

Comment 12 Tomas Hoger 2016-01-14 15:53:47 UTC
Fixed upstream in 7.1p2:

http://www.openssh.com/txt/release-7.1p2

Comment 14 Martin Prpič 2016-01-14 17:33:19 UTC
A detailed analysis of this issue was published by Qualys at:

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

Comment 15 Tomas Hoger 2016-01-14 19:56:20 UTC
After disabling roaming for the 7.1p2 security release, upstream already proceeded to removing roaming support completely in the CVS:

http://marc.info/?l=openbsd-cvs&m=145278862023945

Comment 16 Trevor Hemsley 2016-01-14 19:59:25 UTC
Why does the openssh-clients-5.3p1-112.el6_7.x86_64 copy of ssh contain the string "useroaming" if it's not affected by this bug? Could Redhat have helpfully backported this functionality from 5.4p1 to 5.3p1?

Comment 17 errata-xmlrpc 2016-01-14 20:21:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0043 https://rhn.redhat.com/errata/RHSA-2016-0043.html

Comment 18 Tomas Hoger 2016-01-14 20:54:29 UTC
(In reply to Trevor Hemsley from comment #16)
> Why does the openssh-clients-5.3p1-112.el6_7.x86_64 copy of ssh contain the
> string "useroaming" if it's not affected by this bug? Could Redhat have
> helpfully backported this functionality from 5.4p1 to 5.3p1?

There's no Red Hat specific backport.  Upstream 5.3 already added some roaming related code, apparently in preparation for addition of the client side implementation in 5.4.  5.3 recognizes UseRoaming option, but does not use it in any way.

Comment 19 Tomas Hoger 2016-01-15 07:43:21 UTC
Created gsi-openssh tracking bugs for this issue:

Affects: fedora-all [bug 1298817]
Affects: epel-7 [bug 1298818]

Comment 20 Frank Hirtz 2016-01-15 20:40:49 UTC
(In reply to Tomas Hoger from comment #18)
> (In reply to Trevor Hemsley from comment #16)
> > Why does the openssh-clients-5.3p1-112.el6_7.x86_64 copy of ssh contain the
> > string "useroaming" if it's not affected by this bug? Could Redhat have
> > helpfully backported this functionality from 5.4p1 to 5.3p1?
> 
> There's no Red Hat specific backport.  Upstream 5.3 already added some
> roaming related code, apparently in preparation for addition of the client
> side implementation in 5.4.  5.3 recognizes UseRoaming option, but does not
> use it in any way.

I had a client who noticed similar and had a look prior to seeing this. To confirm, the option parser in the RHEL6 version recognizes UseRoaming, but the option isn't used anywhere.

Comment 21 Fedora Update System 2016-01-16 13:20:42 UTC
openssh-7.1p2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2016-01-17 18:50:01 UTC
openssh-6.9p1-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2016-01-29 00:21:57 UTC
gsi-openssh-7.1p2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 24 Fedora Update System 2016-02-01 06:32:41 UTC
gsi-openssh-6.9p1-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2016-02-04 21:56:18 UTC
gsi-openssh-6.6.1p1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.