[oss-security] 20161219 Announce: OpenSSH 7.4 released

94975

1037490

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637

RHSA-2017:2029

https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

https://security.netapp.com/advisory/ntap-20171130-0002/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us

https://www.openssh.com/txt/release-7.4

An update of the openssh package has been released.

This update for openssh fixes the following issues :

Security issues fixed :

CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability.
(bsc#1106163)

CVE-2017-15906: The process_open function in sftp-server.c in OpenSSH did not properly prevent write operations in readonly mode, which allowed attackers to create zero-length files. (bsc#1065000, bsc#1106726)

CVE-2016-10708: sshd allowed remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (bsc#1076957)

CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010)

CVE-2016-10012: Removed pre-auth compression support from the server to prevent possible cryptographic attacks. (bsc#1016370)

Bugs fixed: Fixed failing 'AuthorizedKeysCommand' within a 'Match User' block in sshd_config (bsc#1105180)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openssh provides the following fixes :

Security issues fixed :

CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000).

CVE-2016-10012: Remove pre-auth compression support from the server to prevent possible cryptographic attacks (bsc#1016370).

CVE-2008-1483: Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509).

CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957).

Bug fixes: bsc#1017099: Enable case-insensitive hostname matching.

bsc#1023275: Add a new switch for printing diagnostic messages in sftp client's batch mode.

bsc#1048367: systemd integration to work around various race conditions.

bsc#1053972: Remove duplicate KEX method.

bsc#1092582: Add missing piece of systemd integration.

Remove the limit on the amount of tasks sshd can run.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [openssh,linux,libxml2] packages for PhotonOS has been released.

This update for openssh fixes the following issues: Security issues fixed :

  - CVE-2016-10012: Fix pre-auth compression checks that     could be optimized away (bsc#1016370).

  - CVE-2016-10708: Fix remote denial of service (NULL     pointer dereference and daemon crash) via an     out-of-sequence NEWKEYSmessage (bsc#1076957).

  - CVE-2017-15906: Fix r/o sftp-server zero byte file     creation (bsc#1065000).

  - CVE-2008-1483: Fix accidental re-introduction of     CVE-2008-1483 (bsc#1069509). Bug fixes :

  - bsc#1017099: Match conditions with uppercase hostnames     fail (bsc#1017099)

  - bsc#1053972: supportedKeyExchanges     diffie-hellman-group1-sha1 is duplicated (bsc#1053972)

  - bsc#1023275: Messages suppressed after upgrade from SLES     11 SP3 to SP4 (bsc#1023275)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10009)

Jann Horn discovered that OpenSSH incorrectly handled permissions on Unix-domain sockets when privilege separation is disabled. A local attacker could possibly use this issue to gain privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10010)

Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory operations. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10011)

Guido Vranken discovered that OpenSSH incorrectly handled certain shared memory manager operations. A local attacker could possibly use issue to gain privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10012)

Michal Zalewski discovered that OpenSSH incorrectly prevented write operations in readonly mode. A remote attacker could possibly use this issue to create zero-length files, leading to a denial of service.
(CVE-2017-15906).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)

It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)

It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)

It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)

An update for openssh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version:
openssh (7.4p1). (BZ#1341754)

Security Fix(es) :

* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)

* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)

* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)

* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
openssh (7.4p1).

Security Fix(es) :

  - A covert timing channel flaw was found in the way     OpenSSH handled authentication of non-existent users. A     remote unauthenticated attacker could possibly use this     flaw to determine valid user names by measuring the     timing of server responses. (CVE-2016-6210)

  - It was found that OpenSSH did not limit password lengths     for password authentication. A remote unauthenticated     attacker could use this flaw to temporarily trigger high     CPU consumption in sshd by sending long passwords.
    (CVE-2016-6515)

  - It was found that ssh-agent could load PKCS#11 modules     from arbitrary paths. An attacker having control of the     forwarded agent-socket on the server, and the ability to     write to the filesystem of the client host, could use     this flaw to execute arbitrary code with the privileges     of the user running ssh-agent. (CVE-2016-10009)

  - It was found that the host private key material could     possibly leak to the privilege-separated child processes     via re-allocated memory. An attacker able to compromise     the privilege-separated process could therefore obtain     the leaked key information. (CVE-2016-10011)

  - It was found that the boundary checks in the code     implementing support for pre-authentication compression     could have been optimized out by certain compilers. An     attacker able to compromise the privilege-separated     process could possibly use this flaw for further attacks     against the privileged monitor process. (CVE-2016-10012)

From Red Hat Security Advisory 2017:2029 :

An update for openssh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version:
openssh (7.4p1). (BZ#1341754)

Security Fix(es) :

* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)

* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)

* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)

* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The shared memory manager (associated with     pre-authentication compression) in sshd in OpenSSH     before 7.4 does not ensure that a bounds check is     enforced by all compilers, which might allows local     users to gain privileges by leveraging access to a     sandboxed privilege-separation process, related to the     m_zback and m_zlib data structures.(CVE-2016-10012)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

This update for openssh fixes several issues.

These security issues were fixed :

  - CVE-2016-8858: The kex_input_kexinit function in kex.c     allowed remote attackers to cause a denial of service     (memory consumption) by sending many duplicate KEXINIT     requests (bsc#1005480).

  - CVE-2016-10012: The shared memory manager (associated     with pre-authentication compression) did not ensure that     a bounds check is enforced by all compilers, which might     allowed local users to gain privileges by leveraging     access to a sandboxed privilege-separation process,     related to the m_zback and m_zlib data structures     (bsc#1016370).

  - CVE-2016-10009: Untrusted search path vulnerability in     ssh-agent.c allowed remote attackers to execute     arbitrary local PKCS#11 modules by leveraging control     over a forwarded agent-socket (bsc#1016366).

  - CVE-2016-10010: When forwarding unix domain sockets with     privilege separation disabled, the resulting sockets     have be created as 'root' instead of the authenticated     user. Forwarding unix domain sockets without privilege     separation enabled is now rejected.

  - CVE-2016-10011: authfile.c in sshd did not properly     consider the effects of realloc on buffer contents,     which might allowed local users to obtain sensitive     private-key information by leveraging access to a     privilege-separated child process (bsc#1016369).

These non-security issues were fixed :

  - Adjusted suggested command for removing conflicting     server keys from the known_hosts file (bsc#1006221)

  - Properly verify CIDR masks in configuration (bsc#1005893     bsc#1021626)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for openssh fixes several issues. These security issues were fixed :

  - CVE-2016-8858: The kex_input_kexinit function in kex.c     allowed remote attackers to cause a denial of service     (memory consumption) by sending many duplicate KEXINIT     requests (bsc#1005480).

  - CVE-2016-10012: The shared memory manager (associated     with pre-authentication compression) did not ensure that     a bounds check is enforced by all compilers, which might     allowed local users to gain privileges by leveraging     access to a sandboxed privilege-separation process,     related to the m_zback and m_zlib data structures     (bsc#1016370).

  - CVE-2016-10009: Untrusted search path vulnerability in     ssh-agent.c allowed remote attackers to execute     arbitrary local PKCS#11 modules by leveraging control     over a forwarded agent-socket (bsc#1016366).

  - CVE-2016-10010: When forwarding unix domain sockets with     privilege separation disabled, the resulting sockets     have be created as 'root' instead of the authenticated     user. Forwarding unix domain sockets without privilege     separation enabled is now rejected.

  - CVE-2016-10011: authfile.c in sshd did not properly     consider the effects of realloc on buffer contents,     which might allowed local users to obtain sensitive     private-key information by leveraging access to a     privilege-separated child process (bsc#1016369).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The installed version of OpenSSH is 7.x prior to 7.4 and is affected by the following vulnerabilities :

 - A flaw exists in 'sshd(8)' that is triggered during the creation of forwarded Unix-domain sockets. This may allow a local attacker to potentially gain elevated privileges.
 - A flaw exists in the 'realloc()' function in 'sshd(8)' that is triggered when reading keys. This may allow a local attacker to gain access to potentially sensitive key material that is leaked by the system.
 - A flaw exists in 'ssh-agent(1)' that is triggered when invoking the PKCS#11 module during agent forwarding. This may allow a local attacker to potentially execute arbitrary code with elevated privileges.
 - A flaw exists in 'sshd(8)' that is triggered as bounds are not properly checked in pre-authentication compression support, while the shared memory manager may be inappropriately accessed. This may potentially allow a local attacker to gain elevated privileges.
 - A flaw exists in 'sshd(8)' that is triggered during the handling of a saturation of 'KEXINIT' messages. This may allow a remote attacker to cause a denial of service.
 - A flaw exists in 'sshd(8)' that is triggered during as address ranges for 'AllowUser' and 'DenyUsers' directives are not properly validated at configuration load time. This may allow a local attacker to potentially gain unintended access to restricted areas.

According to its banner, the version of OpenSSH running on the remote host is prior to 7.4. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in ssh-agent due to loading PKCS#11     modules from paths that are outside a trusted whitelist.
    A local attacker can exploit this, by using a crafted     request to load hostile modules via agent forwarding, to     execute arbitrary code. To exploit this vulnerability,     the attacker would need to control the forwarded     agent-socket (on the host running the sshd server) and     the ability to write to the file system of the host     running ssh-agent. (CVE-2016-10009)

  - A flaw exists in sshd due to creating forwarded     Unix-domain sockets with 'root' privileges whenever     privilege separation is disabled. A local attacker can     exploit this to gain elevated privileges.
    (CVE-2016-10010)

  - An information disclosure vulnerability exists in sshd     within the realloc() function due leakage of key     material to privilege-separated child processes when     reading keys. A local attacker can possibly exploit this     to disclose sensitive key material. Note that no such     leak has been observed in practice for normal-sized     keys, nor does a leak to the child processes directly     expose key material to unprivileged users.
    (CVE-2016-10011)

  - A flaw exists in sshd within the shared memory manager     used by pre-authenticating compression support due to a     bounds check being elided by some optimizing compilers     and due to the memory manager being incorrectly     accessible when pre-authenticating compression is     disabled. A local attacker can exploit this to gain     elevated privileges. (CVE-2016-10012)

  - A denial of service vulnerability exists in sshd when     handling KEXINIT messages. An unauthenticated, remote     attacker can exploit this, by sending multiple KEXINIT     messages, to consume up to 128MB per connection.

  - A flaw exists in sshd due to improper validation of     address ranges by the AllowUser and DenyUsers     directives at configuration load time. A local attacker     can exploit this, via an invalid CIDR address range, to     gain access to restricted areas.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

ID	Name	Product	Family	Severity
121665	Photon OS 1.0: Openssh PHSA-2017-0001	Nessus	PhotonOS Local Security Checks	high
118498	SUSE SLES11 Security Update : openssh (SUSE-SU-2018:3540-1)	Nessus	SuSE Local Security Checks	high
117452	SUSE SLES12 Security Update : openssh (SUSE-SU-2018:2685-1)	Nessus	SuSE Local Security Checks	high
111850	Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated)	Nessus	PhotonOS Local Security Checks	high
111639	SUSE SLES11 Security Update : openssh (SUSE-SU-2018:2275-1)	Nessus	SuSE Local Security Checks	high
106266	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : openssh vulnerabilities (USN-3538-1)	Nessus	Ubuntu Local Security Checks	high
103650	Amazon Linux AMI : openssh (ALAS-2017-898)	Nessus	Amazon Linux Local Security Checks	high
102751	CentOS 7 : openssh (CESA-2017:2029)	Nessus	CentOS Local Security Checks	high
102650	Scientific Linux Security Update : openssh on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
102296	Oracle Linux 7 : openssh (ELSA-2017-2029)	Nessus	Oracle Linux Local Security Checks	high
102226	EulerOS 2.0 SP2 : openssh (EulerOS-SA-2017-1139)	Nessus	Huawei Local Security Checks	high
102225	EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1138)	Nessus	Huawei Local Security Checks	high
102112	RHEL 7 : openssh (RHSA-2017:2029)	Nessus	Red Hat Local Security Checks	high
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	high
96919	openSUSE Security Update : openssh (openSUSE-2017-184)	Nessus	SuSE Local Security Checks	high
96718	SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2017:0264-1)	Nessus	SuSE Local Security Checks	high
9855	OpenSSH 7.x < 7.4 Multiple Vulnerabilities	Nessus Network Monitor	SSH	medium
96151	OpenSSH < 7.4 Multiple Vulnerabilities	Nessus	Misc.	high
96091	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : openssh (SSA:2016-358-02)	Nessus	Slackware Local Security Checks	high

CVE-2016-10012

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins