In English: turn off ssh1 Re: [olug] [security-advisories at freebsd.org:FreeBSD-SA-03:15.openssh]
neal rauhauser
neal at lists.rauhauser.net
Tue Oct 7 20:55:51 UTC 2003
I don't understand why they even ship the default config file to
enable protocol version 1 ... lots of troubles, updates go in and 'fix'
/etc/ssh/sshd_config even if you make it right by hand, etc.
I suppose there is some arcane explanation for this ... I'm waiting
to hear what it might be ...
Brian Roberson wrote:
> ----- Forwarded message from FreeBSD Security Advisories <security-advisories at freebsd.org> -----
>
> Date: Sun, 5 Oct 2003 10:15:42 -0700 (PDT)
> From: FreeBSD Security Advisories <security-advisories at freebsd.org>
> To: FreeBSD Security Advisories <security-advisories at freebsd.org>
> Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
>
> =============================================================================
> FreeBSD-SA-03:15.openssh Security Advisory
> The FreeBSD Project
>
> Topic: OpenSSH PAM challenge/authentication error
>
> Category: core
> Module: openssh
> Announced: 2003-10-05
> Credits: The OpenSSH Project <openssh at openssh.org>
> Affects: FreeBSD releases 4.6.2-RELEASE and later
> FreeBSD 4-STABLE prior to the correction date
> openssh port prior to openssh-3.6.1_4
> openssh-portable port prior to openssh-portable-3.6.1p2_5
> Corrected: 2003-09-24 21:06:28 UTC (RELENG_5_1, 5.1-RELEASE-p7)
> 2003-09-24 18:25:31 UTC (RELENG_4, 4.9-PRERELEASE)
> 2003-09-24 21:06:22 UTC (RELENG_4_8, 4.8-RELEASE-p9)
> 2003-09-24 21:06:15 UTC (RELENG_4_7, 4.7-RELEASE-p19)
> 2003-09-24 21:05:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p22)
> 2003-10-03 20:55:14 UTC (openssh-3.6.1_5)
> 2003-09-26 02:42:39 UTC (openssh-portable-3.6.1p2_5)
> FreeBSD only: NO
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
>
> I. Background
>
> OpenSSH is a free version of the SSH protocol suite of network
> connectivity tools. OpenSSH encrypts all traffic (including
> passwords) to effectively eliminate eavesdropping, connection
> hijacking, and other network-level attacks. Additionally, OpenSSH
> provides a myriad of secure tunneling capabilities, as well as a
> variety of authentication methods.
>
> The SSH protocol exists in two versions, hereafter named simply `ssh1'
> and `ssh2'. The ssh1 protocol is a legacy protocol for which there
> exists no formal specification, while the ssh2 protocol is the product
> of the IETF SECSH working group and is defined by a series of IETF
> draft standards.
>
> The ssh2 protocol supports a wide range of authentication
> mechanisms, including a generic challenge / response mechanism, called
> `keyboard-interactive' or `kbdint', which can be adapted to serve any
> authentication scheme in which the server and client exchange an
> arbitrarily long series of challenges and responses. In particular,
> this mechanism is used in OpenSSH to support PAM authentication.
>
> The ssh1 protocol, on the other hand, supports a much narrower range
> of authentication mechanisms. Its challenge / response mechanism,
> called `TIS', allows for only one challenge from the server and one
> response from the client. OpenSSH contains interface code which
> allows kbdint authentication back-ends to be used for ssh1 TIS
> authentication, provided they only emit one challenge and expect only
> one response.
>
> Finally, recent versions of OpenSSH implement a mechanism called
> `privilege separation' in which the task of communicating with the
> client is delegated to an unprivileged child process, while the
> privileged parent process performs the actual authentication and
> double-checks every important decision taken by its unprivileged
> child.
>
> II. Problem Description
>
> 1) Insufficient checking in the ssh1 challenge / response interface
> code, combined with a peculiarity of the PAM kbdint back-end,
> causes OpenSSH to ignore a negative result from PAM (but not from
> any other kbdint back-end).
>
> 2) A variable used by the PAM conversation function to store
> challenges and the associated client responses is incorrectly
> interpreted as an array of pointers to structures instead of a
> pointer to an array of structures.
>
> 3) When challenge / response authentication is used with protocol
> version 1, and a legitimate user interrupts challenge / response
> authentication but successfully authenticates through some other
> mechanism (such as password authentication), the server fails to
> reclaim resources allocated by the challenge / response mechanism,
> including the child process used for PAM authentication. When a
> certain number of leaked processes is reached, the master server
> process will refuse subsequent client connections.
>
> III. Impact
>
> 1) If privilege separation is disabled, no additional checks are
> performed and an ssh1 client will be successfully authenticated
> even if its response to PAM's challenge is patently wrong. On the
> other hand, if privilege separation is enabled (which it is by
> default), the monitor process will notice the discrepancy, refuse
> to proceed, and kill the faulty child process.
>
> 2) If more than one challenge is issued in a single call to the PAM
> conversation function, stack corruption will result. The most
> likely outcome will be a segmentation fault leading to termination
> of the process, but there is a possibility that an attacker may
> succeed in executing arbitrary code in a privileged process.
>
> Note that none of the PAM modules provided in the FreeBSD base
> system ever issue more than one challenge in a single call to the
> conversation function; nor, to our knowledge, do any third-party
> modules provided in the FreeBSD ports collection.
>
> 3) Legitimate users may cause a denial-of-service condition in which
> the SSH server refuses client connections until it is restarted.
> Note that this vulnerability is not exploitable by attackers who do
> not have a valid account on the target system.
>
> IV. Workaround
>
> Do both of the following:
>
> 1) Make sure that privilege separation is enabled. This is the
> default; look for `UsePrivilegeSeparation' in /etc/ssh/sshd_config
> or /usr/local/etc/ssh/sshd_config as appropriate and make sure that
> any occurrence of that keyword is commented out and/or followed by
> the keyword `yes'. The stock version of this file is safe to use.
>
> 2) Make sure that the PAM configuration for OpenSSH does not reference
> any modules which pass more than one challenge in a single call to
> the conversation function. In FreeBSD 4.x, the PAM configuration
> for OpenSSH consists of the lines in /etc/pam.conf which begin with
> `sshd'; in FreeBSD 5.x, it is located in /etc/pam.d/sshd. The
> stock versions of these files are safe to use.
>
> The following PAM modules from the FreeBSD ports collection are
> known to be safe with regard to problem 2) above:
>
> - pam_mysql.so (security/pam-mysql)
> - pam_pgsql.so (security/pam-pgsql)
> - pam_alreadyloggedin.so (security/pam_alreadyloggedin)
> - pam_ldap.so (security/pam_ldap)
> - pam_pop3.so (security/pam_pop3)
> - pam_pwdfile.so (security/pam_pwdfile)
> - pam_smb.so (security/pam_smb)
>
> pam_krb5.so from ports (security/pam_krb5) is known to use multiple
> prompts with the conversation function if the user's password is
> expired in order to change the user password.
>
> 3) Disable challenge / response authentication, or disable protocol
> version 1.
>
> To disable challenge / response authentication, add the line:
> ChallengeResponseAuthentication no
> to sshd_config(5) and restart sshd.
>
> To disable protocol version 1, add the line
> Protocol 2
> to sshd_config(5) and restart sshd.
>
> V. Solution
>
> Do one of the following:
>
> [For OpenSSH included in the base system]
>
> The following patches have been verified to apply to FreeBSD 4.6, 4.7,
> 4.8, and 5.1 systems prior to the correction date.
>
> Download the appropriate patch and detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
>
> [FreeBSD 4.6]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch.asc
>
> [FreeBSD 4.7]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch.asc
>
> [FreeBSD 4.8]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
>
> [FreeBSD 5.1]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
>
> [FreeBSD 4.8-STABLE / 4.9-PRERELEASE / 4.9-RC]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch.asc
>
> Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/sshd.patch
> # cd /usr/src/secure/usr.sbin/sshd
> # make obj && make depend && make all install
>
> Be sure to restart `sshd' after updating.
>
> # kill `cat /var/run/sshd.pid`
> # /usr/sbin/sshd
>
> or, in FreeBSD 5.x:
>
> # /etc/rc.d/sshd restart
>
> [For the OpenSSH ports]
>
> Do one of the following:
>
> 1) Upgrade your entire ports collection and rebuild the OpenSSH port.
>
> 2) Deinstall the old package and install a new package obtained from
> the following directory:
>
> [i386]
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
>
> [other platforms]
> Packages are not automatically generated for other platforms at this
> time due to lack of build resources.
>
> 3) Download a new port skeleton for the openssh or openssh-portable
> port from:
>
> http://www.freebsd.org/ports/
>
> and use it to rebuild the port.
>
> 4) Use the portcheckout utility to automate option (3) above. The
> portcheckout port is available in /usr/ports/devel/portcheckout or the
> package can be obtained from:
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
>
> Be sure to restart `sshd' after updating.
>
> # kill `cat /var/run/sshd.pid`
> # test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start
>
> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Branch                                                        Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_4
> src/crypto/openssh/auth-chall.c 1.2.2.6
> src/crypto/openssh/auth.h 1.1.1.1.2.7
> src/crypto/openssh/auth1.c 1.3.2.10
> src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.8
> src/crypto/openssh/ssh_config 1.2.2.9
> src/crypto/openssh/ssh_config.5 1.4.2.5
> src/crypto/openssh/sshd_config 1.4.2.13
> src/crypto/openssh/sshd_config.5 1.5.2.6
> src/crypto/openssh/version.h 1.1.1.1.2.13
> RELENG_5_1
> src/crypto/openssh/auth-chall.c 1.6.2.1
> src/crypto/openssh/auth2-pam-freebsd.c 1.11.2.1
> src/crypto/openssh/ssh_config 1.21.2.1
> src/crypto/openssh/ssh_config.5 1.9.2.1
> src/crypto/openssh/sshd_config 1.32.2.1
> src/crypto/openssh/sshd_config.5 1.11.2.1
> src/crypto/openssh/version.h 1.20.2.3
> RELENG_4_8
> src/crypto/openssh/auth-chall.c 1.2.2.4.2.2
> src/crypto/openssh/auth.h 1.1.1.1.2.6.2.1
> src/crypto/openssh/auth1.c 1.3.2.9.2.1
> src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.5.2.2
> src/crypto/openssh/ssh_config 1.2.2.8.2.1
> src/crypto/openssh/ssh_config.5 1.4.2.4.2.1
> src/crypto/openssh/sshd_config 1.4.2.12.2.1
> src/crypto/openssh/version.h 1.1.1.1.2.10.2.3
> RELENG_4_7
> src/crypto/openssh/auth-chall.c 1.2.2.3.2.1
> src/crypto/openssh/auth.h 1.1.1.1.2.5.2.1
> src/crypto/openssh/auth1.c 1.3.2.8.2.1
> src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.2.2.2
> src/crypto/openssh/ssh_config 1.2.2.6.2.1
> src/crypto/openssh/sshd_config 1.4.2.10.2.1
> src/crypto/openssh/version.h 1.1.1.1.2.9.2.3
> RELENG_4_6
> src/crypto/openssh/auth-chall.c 1.2.2.2.2.2
> src/crypto/openssh/auth.h 1.1.1.1.2.4.4.2
> src/crypto/openssh/auth1.c 1.3.2.7.4.2
> src/crypto/openssh/auth2-pam-freebsd.c 1.2.2.4
> src/crypto/openssh/ssh_config 1.2.2.4.4.2
> src/crypto/openssh/sshd_config 1.4.2.8.2.2
> src/crypto/openssh/version.h 1.1.1.1.2.8.2.4
> [Ports]
> ports/security/openssh/Makefile 1.125
> ports/security/openssh/auth-pam.c 1.2
> ports/security/openssh/auth-pam.h 1.2
> ports/security/openssh/auth2-pam.c 1.2
> ports/security/openssh/patch-auth-chall.c 1.1
> ports/security/openssh-portable/Makefile 1.78
> ports/security/openssh-portable/auth2-pam-freebsd.c 1.5
> ports/security/openssh-portable/patch-auth-chall.c 1.1
> ports/security/openssh-portable/patch-auth-pam.c 1.1
> ports/security/openssh-portable/patch-auth-pam.h 1.1
> - -------------------------------------------------------------------------
>
> Branch Version string
> - -------------------------------------------------------------------------
> RELENG_4 OpenSSH_3.5p1 FreeBSD-20030924
> RELENG_5_1 OpenSSH_3.6.1p1 FreeBSD-20030924
> RELENG_4_8 OpenSSH_3.5p1 FreeBSD-20030924
> RELENG_4_7 OpenSSH_3.4p1 FreeBSD-20030924
> RELENG_4_6 OpenSSH_3.4p1 FreeBSD-20030924
> - -------------------------------------------------------------------------
>
> To view the version string of the OpenSSH server, execute the
> following command:
>
> % /usr/sbin/sshd -\?
>
> or for OpenSSH from the ports collection:
>
> % /usr/local/sbin/sshd -\?
>
> The version string is also displayed when a client connects to the
> server.
>
> VII. References
>
> <URL:http://www.openssh.com/txt/sshpam.adv>
>
> ----- End forwarded message -----
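As an added example (not code from the advisory or from the OLUG thread), a small POSIX shell audit that checks a given sshd_config against the workaround above: privilege separation enabled, and either ChallengeResponseAuthentication off or protocol 1 disabled. It assumes sshd_config semantics as documented in sshd_config(5) (`#` comments, case-insensitive keywords, first value for a keyword wins, absent keywords keep their defaults of yes / yes / 2,1) and does not handle the `Keyword=value` spelling; the two sample configs are constructed.

```shell
#!/bin/sh
# Audit an sshd_config against the FreeBSD-SA-03:15 workaround.
# Assumed semantics (sshd_config(5), not the advisory): '#' starts a
# comment, keywords are case-insensitive, the first value found wins,
# absent keywords default to UsePrivilegeSeparation yes,
# ChallengeResponseAuthentication yes, Protocol 2,1.

# sshd_value FILE KEYWORD DEFAULT -> prints the effective value of KEYWORD
sshd_value() {
    val=$(sed -e 's/#.*//' "$1" |
          awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# audit_sshd_config FILE -> 0 when workaround steps 1 and 3 both hold, else 1
audit_sshd_config() {
    privsep=$(sshd_value "$1" UsePrivilegeSeparation yes)
    chal=$(sshd_value "$1" ChallengeResponseAuthentication yes)
    proto=$(sshd_value "$1" Protocol 2,1)
    rc=0
    # Step 1: the monitor only double-checks the PAM result with privsep on
    if [ "$privsep" != yes ]; then
        echo "FAIL: UsePrivilegeSeparation=$privsep"
        rc=1
    fi
    # Step 3: either setting closes the ssh1 TIS -> PAM kbdint path
    if [ "$chal" = no ] || [ "$proto" = 2 ]; then
        echo "ok: ChallengeResponseAuthentication=$chal Protocol=$proto"
    else
        echo "FAIL: ssh1 challenge/response reachable (ChallengeResponseAuthentication=$chal Protocol=$proto)"
        rc=1
    fi
    return $rc
}

# Constructed sample configs for a stand-alone run (not real system files).
STOCK=$(mktemp) && HARDENED=$(mktemp)
trap 'rm -f "$STOCK" "$HARDENED"' EXIT
cat > "$STOCK" <<'EOF'
#Protocol 2,1
#UsePrivilegeSeparation yes
#ChallengeResponseAuthentication yes
EOF
cat > "$HARDENED" <<'EOF'
Protocol 2
UsePrivilegeSeparation yes
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$STOCK" || :      # stock defaults: ssh1 + kbdint still on
audit_sshd_config "$HARDENED" || :   # passes
```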