OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
References:
https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow
https://www.openssh.com/releasenotes.html
Created openssh tracking bugs for this issue:
Affects: fedora-29 [bug 1767967]
Affects: fedora-30 [bug 1767968]
External References:
https://www.openssh.com/txt/release-8.1
https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow
Mitigation: This flaw is triggered when parsing XMSS private keys. XMSS is a PQC (Post-quantum cryptography) algorithm and its use is currently experimental. Other key types or any other OpenSSH functionality are not affected by this flaw. A possible mitigation for this flaw is to NOT use XMSS keys for SSH.
Upstream patch: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6
The OpenSSH in Fedora and RHEL is built without XMSS support, so I will close these as not a bug.
Statement: The versions of the OpenSSH package shipped with Red Hat products do not enable support for XMSS and are therefore not affected by this flaw.
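An added example (not from this bug report or from OpenSSH) for the mitigation and statement above: shell helpers that check whether an ssh build lists XMSS key types in `ssh -Q key` output and locate XMSS entries in public-key style files. The key type names `ssh-xmss@openssh.com` and `ssh-xmss-cert-v01@openssh.com`, the function names, and the paths in `audit_local` are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example: audit helpers for the "do not use XMSS keys" mitigation.
# Assumption: XMSS key types appear under these names in builds with XMSS enabled.
XMSS_PATTERN='ssh-xmss(-cert-v01)?@openssh[.]com'

# Reads `ssh -Q key` output on stdin; returns 0 if an XMSS key type is listed.
build_lists_xmss() {
    grep -Eq "^${XMSS_PATTERN}\$"
}

# Prints "file:line" for each non-comment entry whose key type is XMSS.
# The key type may follow an authorized_keys options field, so a leading
# whitespace separator is accepted as well as start of line.
find_xmss_entries() {
    for f in "$@"; do
        [ -r "$f" ] || continue   # skip unmatched globs and unreadable files
        awk -v pat="(^|[ \t])${XMSS_PATTERN}[ \t]" '
            /^[ \t]*#/ { next }
            $0 ~ pat   { print FILENAME ":" FNR }' "$f"
    done
}

# Checks the local client build and common key locations (assumed paths).
audit_local() {
    if command -v ssh >/dev/null 2>&1 &&
       ssh -Q key 2>/dev/null | build_lists_xmss; then
        echo "ssh build lists XMSS key types: review XMSS key usage"
    else
        echo "ssh build does not list XMSS key types"
    fi
    find_xmss_entries /etc/ssh/*.pub "${HOME:-}"/.ssh/*.pub \
        "${HOME:-}"/.ssh/authorized_keys
}

# Run the audit only when asked, e.g.: sh xmss_audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_local
fi
```

A build that lists no XMSS key type matches the "built without XMSS support" case described in the comments above; any `file:line` output marks an entry to replace with another key type.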