Twenty Year Anniversary

OpenSSH Security Advisory - Unauthorized Access

OpenSSH Security Advisory - Unauthorized Access
Posted May 4, 2011
Authored by Damien Miller | Site openssh.com

OpenSSH Security Advisory - Portable OpenSSH prior to version 5.8p2 only on platforms that are configured to use ssh-rand-helper for entropy collection. ssh-rand-helper is enabled at configure time when it is detected that OpenSSL does not have a built-in source of randomness, and only used at runtime if this condition remains. Platforms that support /dev/random or otherwise configure OpenSSL with a random number provider are not vulnerable. Version 5.8p2 fixes this issue.

tags | advisory
MD5 | f15b5dfa05ec80fa52fc6f597f73448b

OpenSSH Security Advisory - Unauthorized Access

Change Mirror Download
OpenSSH Security Advisory: portable-keysign-rand-helper.adv

This document may be found at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

1. Vulnerability

Portable OpenSSH's ssh-keysign utility may allow unauthorised
local access to host keys on platforms if ssh-rand-helper is
used.

2. Affected configurations

Portable OpenSSH prior to version 5.8p2 only on platforms
that are configured to use ssh-rand-helper for entropy
collection.

ssh-rand-helper is enabled at configure time when it is
detected that OpenSSL does not have a built-in source of
randomness, and only used at runtime if this condition
remains. Platforms that support /dev/random or otherwise
configure OpenSSL with a random number provider are not
vulnerable.

In particular, *BSD, OS X, Cygwin and Linux are not
affected.

3. Mitigation

If host-based authentication is not in use (enabled using
HostBasedAuthentication or RhostsRSAAuthentication in
sshd_config), then remove the setuid bit from ssh-keysign.

4. Details

ssh-keysign is a setuid helper program that is used to mediate
access to the host's private host keys during host-based
authentication. It would use its elevated privilege to open
the keys and then immediately drop privileges to complete its
cryptographic signing operations.

After privilege was dropped, ssh-keysign would ensure that
the OpenSSL random number generator that it depends upon was
adequately prepared. On configurations that lacked a built-in
source of entropy in OpenSSL, ssh-keysign would execute the
ssh-rand-helper program to attempt to retrieve some from the
system environment.

However, the file descriptors to the host private key files
were not closed prior to executing ssh-rand-helper. Since this
process was "born unprivileged" and inherited the sensitive
file descriptors, there was no protection against an attacker
using ptrace(2) to attach to it and instructing it to read out
the private keys.

5. Credit

This issue was privately reported by Tomas Mraz on April 26,
2011.

6. Fix

OpenSSH 5.8p2 contains a fix for this vulnerability.

Future releases of portable OpenSSH will remove support for
ssh-rand-helper - in 2011, there is no excuse for not
providing a /dev/random-like interface as part of the OS.
Users stuck on one of these platforms may use PRNGd
(http://prngd.sf.net) to provide a host-wide random pool.

Users of older versions that do not wish to upgrade
immediately may apply this patch:

Index: ssh-keysign.c
===================================================================
RCS file: /var/cvs/openssh/ssh-keysign.c,v
retrieving revision 1.43
diff -u -p -r1.43 ssh-keysign.c
--- ssh-keysign.c 10 Sep 2010 01:12:09 -0000 1.43
+++ ssh-keysign.c 29 Apr 2011 01:25:55 -0000
@@ -167,6 +167,9 @@ main(int argc, char **argv)

key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0)
+ fatal("fcntl failed");

original_real_uid = getuid(); /* XXX readconf.c needs this */
if ((pw = getpwuid(original_real_uid)) == NULL)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    3 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close