Bug 168935
| Field | Value |
|---|---|
| Summary | CAN-2005-2798, CAN-2004-2069, CVE-2006-0225 OpenSSH vulnerabilities |
| Product | [Retired] Fedora Legacy |
| Component | openssh |
| Version | unspecified |
| Hardware | i386 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | John Dalbec <jpdalbec> |
| Assignee | Fedora Legacy Bugs <bugs> |
| CC | deisenst, pekkas, sheltren, tmraz, tseaver |
| Keywords | Security |
| URL | http://www.securityfocus.com/bid/14729 |
| Whiteboard | LEGACY, rh73, rh90, 1, 2, 3 |
| Doc Type | Bug Fix |
| Last Closed | 2006-02-18 19:14:38 UTC |
| Bug Blocks | 178704 |

Description
John Dalbec
2005-09-21 14:16:45 UTC
05.40.19 CVE: CAN-2004-2069
Platform: Cross Platform
Title: OpenSSH LoginGraceTime Remote Denial of Service
Description: OpenSSH is susceptible to a remote denial of service vulnerability. This issue is due to a design flaw when servicing timeouts related to the "LoginGraceTime" server configuration directive. Specifically, when "LoginGraceTime" in conjunction with "MaxStartups" and "UsePrivilegeSeparation" are configured and enabled in the server, a condition may arise where the server refuses further remote connection attempts. For a list of vulnerable versions, please visit the reference provided.
Ref: http://www.securityfocus.com/bid/14963

Here are updated packages to QA that fix these issues and the issue from bug #178704:

http://www.infostrategique.com/linuxrpms/legacy/7.3/openssh-3.1p1-14.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openssh-3.5p1-11.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/openssh-3.6.1p2-19.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/openssh-3.6.1p2-34.4.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/3/openssh-3.9p1-8.0.4.legacy.src.rpm

The issue from Bug #178704 is CVE-2006-0225. It appears that the GSS issue has already been fixed in previous updates in all the distros where GSSAPI has been enabled.

I did QA and the packages are roughly OK -- checking the patches was a bit of work though. The check raised two questions below. As the issues are not critical, it might not hurt to wait for a week or so to see if Red Hat releases an update for CVE-2006-0225, to leverage their backport work. But I guess we could also go forward as is.

In 3.6.2p1 and 3.9 (this doesn't apply to 3.5 or 3.1 as they don't have this code), it appears as if the following fragment:

> + if (tuser && !okname(tuser)) { > + xfree(arg); > + return; > + }

.. is missing 'xfree(arg);' at least compared to 4.2p1 -- is this intentional?

I also noted that before 3.9p1, do_spawnwait return value is not checked -- is this intentional?

Those two changes are intentional. In the older versions, the arg variable doesn't exist, so it doesn't need to be freed. Before 3.9p1, openssh doesn't check the return code of the function.

QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches verified to come from RHEL, with the notes above

+PUBLISH RHL73, RHL9, FC1, FC2, FC3

Packages were released to updates-testing.

*** Bug 178704 has been marked as a duplicate of this bug. ***

2e4da4da715512dccb420fc67f3bb24dae2d9a40 openssh-3.5p1-11.4.legacy.i386.rpm
f0e967606a821ec50f6d0af708935a9f04b52d11 openssh-clients-3.5p1-11.4.legacy.i386.rpm
d49d40f814c95319dff11a49f8bb66dcdd3f808c openssh-server-3.5p1-11.4.legacy.i386.rpm

installs OK. can ssh and scp in and out of the upgraded system fine.

+VERIFY RH9

Thanks, timeout in 4 weeks!

New policy: automatic accept after two weeks if no negative feedback.

Re: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168935

System: Fedora Core 1

Packages tested:
- openssh
- openssh-clients
- openssh-server

1. Verify the GPG signature and the SHA1 checksum of the package.

    $ cd ~/tmp
    $ sha1sum *.rpm
    c962909e215becff41ab14353a0b1ef3f5a499fd \
        openssh-3.6.1p2-19.4.legacy.i386.rpm
    3818241e59db35fe61773f7e59d9d83fafd4b16a \
        openssh-clients-3.6.1p2-19.4.legacy.i386.rpm
    202bec4605eaf6054433a170a6432a3d449862cb \
        openssh-server-3.6.1p2-19.4.legacy.i386.rpm

   These checksums match those published in the notification sent to the legacy list.

    $ rpm --checksig postgresql-*.rpm
    openssh-3.6.1p2-19.4.legacy.i386.rpm: \
        (sha1) dsa sha1 md5 gpg OK
    openssh-clients-3.6.1p2-19.4.legacy.i386.rpm: \
        (sha1) dsa sha1 md5 gpg OK
    openssh-server-3.6.1p2-19.4.legacy.i386.rpm: \
        (sha1) dsa sha1 md5 gpg OK

2. Could you install or update the package without problems?

   The packages listed installed cleanly from the temp dir.

3. Could you use the package, as appropriate for the package, without problems?

   Yes. I could ssh into the box and scp and rsync-over-ssh files to and from the box after the update.

+VERIFY FC1

Great, thanks for the testing!

I performed QA on the following packages:

Packages installed cleanly. I tested logging in over ssh, scp, and X forwarding. All were successful. No issues.

+VERIFY rh73,fc2,fc3

ARGH, wrong bug, I'll post it on the right one. This bugid is killing me.

Ugh, never mind, this is the right one, I thought I had posted that on the apache one. I gotta get more sleep.

Packages were released.

++VERIFY for FC 3 x86_64

Downloaded packages:

Package installed fine. Used by two users over several days. No problems noticed. Used with scp and ssh, X11 forwarding, etc.

Even though the package was released, I'm still posting this verify... Vote for release for FC3 x86_64.

++VERIFY
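
The checksum step of the verification procedure in the Fedora Core 1 comment above, as an added example that is not part of the original bug thread: it checks a directory of packages against a published SHA1 list and also fails on listed-but-missing and present-but-unlisted files. The function name, the manifest format and the sample files are assumptions; it relies on `sha1sum`, and signature checking with `rpm --checksig` remains a separate step.

```shell
#!/usr/bin/env bash
# Added example: check a directory of packages against a published SHA1 list.
# Assumed manifest format: "<40-hex sha1>  <file name>" per line (sha1sum output).

# verify_manifest MANIFEST DIR -> 0 only if every listed file is present and
# matches, and DIR holds no *.rpm that the manifest does not list.
verify_manifest() {
    local manifest="$1" dir="$2" rc=0 listed=" " want name got f
    while read -r want name || [ -n "$want" ]; do
        [ -z "$want" ] && continue
        name=${name#\*}                      # sha1sum marks binary mode with '*'
        # Accept only a lowercase 40-digit hex digest and a bare file name.
        case $want in *[!0-9a-f]*) want= ;; esac
        if [ "${#want}" -ne 40 ] || [ -z "$name" ] || [ "$name" != "${name##*/}" ]; then
            echo "BAD LINE: $name"; rc=1; continue
        fi
        listed="$listed$name "
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING: $name"; rc=1; continue
        fi
        got=$(sha1sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK: $name"
        else
            echo "MISMATCH: $name"; rc=1
        fi
    done < "$manifest"
    # A package nobody published a digest for must not slip through unchecked.
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        case $listed in
            *" ${f##*/} "*) ;;
            *) echo "UNLISTED: ${f##*/}"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input: two stand-in files, not real packages.
work=$(mktemp -d)
printf 'constructed package A\n' > "$work/a-1.0.rpm"
printf 'constructed package B\n' > "$work/b-1.0.rpm"
(cd "$work" && sha1sum a-1.0.rpm b-1.0.rpm) > "$work.sha1"
verify_manifest "$work.sha1" "$work" && echo "all packages verified"
printf 'tampered\n' >> "$work/b-1.0.rpm"
verify_manifest "$work.sha1" "$work" || echo "verification failed"
rm -rf "$work" "$work.sha1"
```

The manifest is only as trustworthy as its source, so it should come from the signed release notification rather than from the same download location as the packages.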