In English: turn off ssh1 Re: [olug] [security-advisories at freebsd.org:FreeBSD-SA-03:15.openssh]

Vincent.Raffensberger at dtn.com Vincent.Raffensberger at dtn.com
Wed Oct 8 15:49:55 UTC 2003


They probably leave it enabled by default because they always have. 
Another reason is because there are a lot of ssh clients out there which 
only support ssh1.
Anyone using TeraTerm or the free commercial SSH distribution (or anything 
built from it) will still need it.
If it were disabled, they would probably hear a lot of things like "The 
latest openssh is crap and doesn't work." from the ignorant masses.

On the other hand, I'm surprised Tso hasn't tried to shove it down 
everyone's throat, like he has done with other features.  I'm referring to 
the fiasco last year when there was a root exploit and he initially 
refused to provide a patch for popular openssh versions.  He wanted 
everyone to upgrade and use privilege separation.  That was a poor and 
time consuming solution for people managing large server farms which were 
essentially open for "public use".


neal rauhauser <neal at lists.rauhauser.net>
Sent by: olug-bounces at olug.org
10/07/2003 03:55 PM
Please respond to Omaha Linux User Group <olug at olug.org>

To: Omaha Linux User Group <olug at olug.org>
cc:
Subject: In English: turn off ssh1 Re: [olug] [security-advisories at freebsd.org:FreeBSD-SA-03:15.openssh]

   I don't understand why they even ship the default config file to 
enable protocol version 1 ... lots of troubles, updates go in and 'fix' 
/etc/ssh/sshd_config even if you make it right by hand, etc.

   I suppose there is some arcane explanation for this ... I'm waiting 
to hear what it might be ...


Brian Roberson wrote:
> ----- Forwarded message from FreeBSD Security Advisories <security-advisories at freebsd.org> -----
> 
> Delivered-To: roberson at olug.org
> Delivered-To: bstc.net-roberson at bstc.net
> Delivered-To: bstc.net-brian at bstc.net
> X-Spam-Status: No, hits=-5.9 required=5.0
> Delivered-To: freebsd-announce at freebsd.org
> Date: Sun, 5 Oct 2003 10:15:42 -0700 (PDT)
> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to
>                security-advisories at freebsd.org using -f
> From: FreeBSD Security Advisories <security-advisories at freebsd.org>
> To: FreeBSD Security Advisories <security-advisories at freebsd.org>
> Precedence: bulk
> Subject: [FreeBSD-Announce] 
>                FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
> X-BeenThere: freebsd-announce at freebsd.org
> X-Mailman-Version: 2.1.1
> Reply-To: security-advisories at freebsd.org
> List-Id: Project Announcements [moderated] <freebsd-announce.freebsd.org>
> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>,
>                <mailto:freebsd-announce-request at freebsd.org?subject=unsubscribe>
> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-announce>
> List-Post: <mailto:freebsd-announce at freebsd.org>
> List-Help: <mailto:freebsd-announce-request at freebsd.org?subject=help>
> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-announce>,
>                <mailto:freebsd-announce-request at freebsd.org?subject=subscribe>
> Errors-To: owner-freebsd-announce at freebsd.org
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> =============================================================================
> FreeBSD-SA-03:15.openssh                                    Security Advisory
>                                                           The FreeBSD Project
> 
> Topic:          OpenSSH PAM challenge/authentication error
> 
> Category:       core
> Module:         openssh
> Announced:      2003-10-05
> Credits:        The OpenSSH Project <openssh at openssh.org>
> Affects:        FreeBSD releases 4.6.2-RELEASE and later
>                 FreeBSD 4-STABLE prior to the correction date
>                 openssh port prior to openssh-3.6.1_4
>                 openssh-portable port prior to openssh-portable-3.6.1p2_5
> Corrected:      2003-09-24 21:06:28 UTC (RELENG_5_1, 5.1-RELEASE-p7)
>                 2003-09-24 18:25:31 UTC (RELENG_4, 4.9-PRERELEASE)
>                 2003-09-24 21:06:22 UTC (RELENG_4_8, 4.8-RELEASE-p9)
>                 2003-09-24 21:06:15 UTC (RELENG_4_7, 4.7-RELEASE-p19)
>                 2003-09-24 21:05:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p22)
>                 2003-10-03 20:55:14 UTC (openssh-3.6.1_5)
>                 2003-09-26 02:42:39 UTC (openssh-portable-3.6.1p2_5)
> FreeBSD only:   NO
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
> 
> I.   Background
> 
> OpenSSH is a free version of the SSH protocol suite of network
> connectivity tools.  OpenSSH encrypts all traffic (including
> passwords) to effectively eliminate eavesdropping, connection
> hijacking, and other network-level attacks.  Additionally, OpenSSH
> provides a myriad of secure tunneling capabilities, as well as a
> variety of authentication methods.
> 
> The SSH protocol exists in two versions, hereafter named simply `ssh1'
> and `ssh2'.  The ssh1 protocol is a legacy protocol for which there
> exists no formal specification, while the ssh2 protocol is the product
> of the IETF SECSH working group and is defined by a series of IETF
> draft standards.
> 
> The ssh2 protocol supports a wide range of authentication
> mechanisms, including a generic challenge / response mechanism, called
> `keyboard-interactive' or `kbdint', which can be adapted to serve any
> authentication scheme in which the server and client exchange a
> arbitrarily long series of challenges and responses.  In particular,
> this mechanism is used in OpenSSH to support PAM authentication.
> 
> The ssh1 protocol, on the other hand, supports a much narrower range
> of authentication mechanisms.  Its challenge / response mechanisms,
> called `TIS', allows for only one challenge from the server and one
> response from the client.  OpenSSH contains interface code which
> allows kbdint authentication back-ends to be used for ssh1 TIS
> authentication, provided they only emit one challenge and expect only
> one response.
> 
> Finally, recent versions of OpenSSH implement a mechanism called
> `privilege separation' in which the task of communicating with the
> client is delegated to an unprivileged child process, while the
> privileged parent process performs the actual authentication and
> double-checks every important decision taken by its unprivileged
> child.
> 
> II.  Problem Description
> 
> 1) Insufficient checking in the ssh1 challenge / response interface
>    code, combined with a peculiarity of the PAM kbdint back-end,
>    causes OpenSSH to ignore a negative result from PAM (but not from
>    any other kbdint back-end).
> 
> 2) A variable used by the PAM conversation function to store
>    challenges and the associated client responses is incorrectly
>    interpreted as an array of pointers to structures instead of a
>    pointer to an array of structures.
> 
> 3) When challenge / response authentication is used with protocol
>    version 1, and a legitimate user interrupts challenge / response
>    authentication but successfully authenticates through some other
>    mechanism (such as password authentication), the server fails to
>    reclaim resources allocated by the challenge / response mechanism,
>    including the child process used for PAM authentication.  When a
>    certain number of leaked processes is reached, the master server
>    process will refuse subsequent client connections.
> 
> III. Impact
> 
> 1) If privilege separation is disabled, no additional checks are
>    performed and an ssh1 client will be successfully authenticated
>    even if its response to PAM's challenge is patently wrong.  On the
>    other hand, if privilege separation is enabled (which it is by
>    default), the monitor process will notice the discrepancy, refuse
>    to proceed, and kill the faulty child process.
> 
> 2) If more than one challenge is issued in a single call to the PAM
>    conversation function, stack corruption will result.  The most
>    likely outcome will be a segmentation fault leading to termination
>    of the process, but there is a possibility that an attacker may
>    succeed in executing arbitrary code in a privileged process.
> 
>    Note that none of the PAM modules provided in the FreeBSD base
>    system ever issue more than one challenge in a single call to the
>    conversation function; nor, to our knowledge, do any third-party
>    modules provided in the FreeBSD ports collection.
> 
> 3) Legitimate users may cause a denial-of-service condition in which
>    the SSH server refuses client connections until it is restarted.
>    Note that this vulnerability is not exploitable by attackers who do
>    not have a valid account on the target system.
> 
> IV.  Workaround
> 
> Do both of the following:
> 
> 1) Make sure that privilege separation is enabled.  This is the
>    default; look for `UsePrivilegeSeparation' in /etc/ssh/sshd_config
>    or /usr/local/etc/ssh/sshd_config as appropriate and make sure that
>    any occurrence of that keyword is commented out and/or followed by
>    the keyword `yes'.  The stock version of this file is safe to use.
> 
> 2) Make sure that the PAM configuration for OpenSSH does not reference
>    any modules which pass more than one challenge in a single call to
>    the conversation function.  In FreeBSD 4.x, the PAM configuration
>    for OpenSSH consists of the lines in /etc/pam.conf which begin with
>    `sshd'; in FreeBSD 5.x, it is located in /etc/pam.d/sshd.  The
>    stock versions of these files are safe to use.
> 
>    The following PAM modules from the FreeBSD ports collection are
>    known to be safe with regard to problem 2) above:
> 
>     - pam_mysql.so (security/pam-mysql)
>     - pam_pgsql.so (security/pam-pgsql)
>     - pam_alreadyloggedin.so (security/pam_alreadyloggedin)
>     - pam_ldap.so (security/pam_ldap)
>     - pam_pop3.so (security/pam_pop3)
>     - pam_pwdfile.so (security/pam_pwdfile)
>     - pam_smb.so (security/pam_smb)
> 
>    pam_krb5.so from ports (security/pam_krb5) is known to use multiple
>    prompts with the conversation function if the user's password is
>    expired in order to change the user password.
> 
> 3) Disable challenge / response authentication, or disable protocol
>    version 1.
> 
>    To disable challenge / response authentication, add the line:
>      ChallengeResponseAuthentication no
>    to sshd_config(5) and restart sshd.
> 
>    To disable protocol version 1, add the line
>      Protocol 2
>    to sshd_config(5) and restart sshd.
> 
> V.   Solution
> 
> Do one of the following:
> 
> [For OpenSSH included in the base system]
> 
> The following patches have been verified to apply to FreeBSD 4.6, 4.7,
> 4.8, and 5.1 systems prior to the correction date.
> 
> Download the appropriate patch and detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
> 
> [FreeBSD 4.6]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch.asc
> 
> [FreeBSD 4.7]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch.asc
> 
> [FreeBSD 4.8]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
> 
> [FreeBSD 5.1]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
> 
> [FreeBSD 4.8-STABLE / 4.9-PRERELEASE / 4.9-RC]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch.asc
> 
> Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/sshd.patch
> # cd /usr/src/secure/usr.sbin/sshd
> # make obj && make depend && make all install
> 
> Be sure to restart `sshd' after updating.
> 
> # kill `cat /var/run/sshd.pid`
> # /usr/sbin/sshd
> 
> or, in FreeBSD 5.x:
> 
> # /etc/rc.d/sshd restart
> 
> [For the OpenSSH ports]
> 
> Do one of the following:
> 
> 1) Upgrade your entire ports collection and rebuild the OpenSSH port.
> 
> 2) Deinstall the old package and install a new package obtained from
> the following directory:
> 
> [i386]
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
> 
> [other platforms]
> Packages are not automatically generated for other platforms at this
> time due to lack of build resources.
> 
> 3) Download a new port skeleton for the openssh or openssh-portable
> port from:
> 
> http://www.freebsd.org/ports/
> 
> and use it to rebuild the port.
> 
> 4) Use the portcheckout utility to automate option (3) above. The
> portcheckout port is available in /usr/ports/devel/portcheckout or the
> package can be obtained from:
> 
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
> 
> Be sure to restart `sshd' after updating.
> 
> # kill `cat /var/run/sshd.pid`
> # test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start
> 
> VI.  Correction details
> 
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
> 
> Branch                                                           Revision
>   Path
> - -------------------------------------------------------------------------
> RELENG_4
>   src/crypto/openssh/auth-chall.c 1.2.2.6
>   src/crypto/openssh/auth.h 1.1.1.1.2.7
>   src/crypto/openssh/auth1.c 1.3.2.10
>   src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.8
>   src/crypto/openssh/ssh_config 1.2.2.9
>   src/crypto/openssh/ssh_config.5 1.4.2.5
>   src/crypto/openssh/sshd_config 1.4.2.13
>   src/crypto/openssh/sshd_config.5 1.5.2.6
>   src/crypto/openssh/version.h 1.1.1.1.2.13
> RELENG_5_1
>   src/crypto/openssh/auth-chall.c 1.6.2.1
>   src/crypto/openssh/auth2-pam-freebsd.c 1.11.2.1
>   src/crypto/openssh/ssh_config 1.21.2.1
>   src/crypto/openssh/ssh_config.5 1.9.2.1
>   src/crypto/openssh/sshd_config 1.32.2.1
>   src/crypto/openssh/sshd_config.5 1.11.2.1
>   src/crypto/openssh/version.h 1.20.2.3
> RELENG_4_8
>   src/crypto/openssh/auth-chall.c 1.2.2.4.2.2
>   src/crypto/openssh/auth.h 1.1.1.1.2.6.2.1
>   src/crypto/openssh/auth1.c 1.3.2.9.2.1
>   src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.5.2.2
>   src/crypto/openssh/ssh_config 1.2.2.8.2.1
>   src/crypto/openssh/ssh_config.5 1.4.2.4.2.1
>   src/crypto/openssh/sshd_config 1.4.2.12.2.1
>   src/crypto/openssh/version.h 1.1.1.1.2.10.2.3
> RELENG_4_7
>   src/crypto/openssh/auth-chall.c 1.2.2.3.2.1
>   src/crypto/openssh/auth.h 1.1.1.1.2.5.2.1
>   src/crypto/openssh/auth1.c 1.3.2.8.2.1
>   src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.2.2.2
>   src/crypto/openssh/ssh_config 1.2.2.6.2.1
>   src/crypto/openssh/sshd_config 1.4.2.10.2.1
>   src/crypto/openssh/version.h 1.1.1.1.2.9.2.3
> RELENG_4_6
>   src/crypto/openssh/auth-chall.c 1.2.2.2.2.2
>   src/crypto/openssh/auth.h 1.1.1.1.2.4.4.2
>   src/crypto/openssh/auth1.c 1.3.2.7.4.2
>   src/crypto/openssh/auth2-pam-freebsd.c 1.2.2.4
>   src/crypto/openssh/ssh_config 1.2.2.4.4.2
>   src/crypto/openssh/sshd_config 1.4.2.8.2.2
>   src/crypto/openssh/version.h 1.1.1.1.2.8.2.4
> [Ports]
>   ports/security/openssh/Makefile 1.125
>   ports/security/openssh/auth-pam.c 1.2
>   ports/security/openssh/auth-pam.h 1.2
>   ports/security/openssh/auth2-pam.c 1.2
>   ports/security/openssh/patch-auth-chall.c 1.1
>   ports/security/openssh-portable/Makefile 1.78
>   ports/security/openssh-portable/auth2-pam-freebsd.c 1.5
>   ports/security/openssh-portable/patch-auth-chall.c 1.1
>   ports/security/openssh-portable/patch-auth-pam.c 1.1
>   ports/security/openssh-portable/patch-auth-pam.h 1.1
> - -------------------------------------------------------------------------
> 
> Branch                       Version string
> - -------------------------------------------------------------------------
> RELENG_4                     OpenSSH_3.5p1 FreeBSD-20030924
> RELENG_5_1                   OpenSSH_3.6.1p1 FreeBSD-20030924
> RELENG_4_8                   OpenSSH_3.5p1 FreeBSD-20030924
> RELENG_4_7                   OpenSSH_3.4p1 FreeBSD-20030924
> RELENG_4_6                   OpenSSH_3.4p1 FreeBSD-20030924
> - -------------------------------------------------------------------------
> 
> To view the version string of the OpenSSH server, execute the
> following command:
> 
>   % /usr/sbin/sshd -\?
> 
> or for OpenSSH from the ports collection:
> 
>   % /usr/local/sbin/sshd -\?
> 
> The version string is also displayed when a client connects to the
> server.
> 
> VII. References
> 
> <URL:http://www.openssh.com/txt/sshpam.adv>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (FreeBSD)
> 
> iD8DBQE/gFCoFdaIBMps37IRApUWAJ9BZoW/uBY1Q0Phr3iQGBq8/I14dgCaAzvc
> 7gHHrB5lxeBXWIB37CXpM5s=
> =DC+H
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org"
> 
> ----- End forwarded message -----
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
> 
> 


-- 
mailto:neal at lists.rauhauser.net
phone:402-301-9555
IM:Neal R Rauhauser
"After all that I've been through, you're the only one who matters,
you never left me in the dark here on my own" - Widespread Panic
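An added example, not code from the advisory, from FreeBSD, or from anyone in this thread: a POSIX sh audit of an sshd_config for the settings section IV of the quoted advisory tells you to verify (UsePrivilegeSeparation, ChallengeResponseAuthentication, Protocol). It builds in two things the advisory leaves implicit: sshd_config(5) uses the first uncommented occurrence of a keyword, so a hardened line that an update causes to land below a stock one is ignored, which is the failure Neal describes; and when a keyword is absent the OpenSSH 3.x defaults are assumed here (Protocol 2,1, ChallengeResponseAuthentication yes, UsePrivilegeSeparation yes). The sample config files are constructed for the demonstration and are not real FreeBSD files; the PAM-module check from item 2) needs a look at pam.conf and is not automated.

```shell
#!/bin/sh
# Added example (not from the advisory or the list): audit an sshd_config(5)
# for the settings named in FreeBSD-SA-03:15 section IV.
#   * sshd uses the FIRST uncommented occurrence of a keyword, so a hardened
#     line appended after a stock one (e.g. by a package update) is ignored.
#   * Absent keywords fall back to assumed OpenSSH 3.x defaults:
#     Protocol 2,1 / ChallengeResponseAuthentication yes /
#     UsePrivilegeSeparation yes.

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use,
# lower-cased (keywords and yes/no values are case-insensitive).
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); found = 0 }
        /^[[:space:]]*#/ { next }                 # comment line
        NF >= 2 && tolower($1) == key && !found { print tolower($2); found = 1 }
        END { if (!found) print tolower(def) }
    ' "$1"
}

# ssh1_enabled FILE: exit 0 if the effective Protocol list contains version 1
ssh1_enabled() {
    case "$(effective_value "$1" Protocol 2,1)" in
        *1*) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_sshd_config FILE: print findings; return 0 only when the advisory's
# workaround holds (privsep on, and either ssh1 or challenge/response off).
audit_sshd_config() {
    f=$1
    priv=$(effective_value "$f" UsePrivilegeSeparation yes)
    cra=$(effective_value "$f" ChallengeResponseAuthentication yes)
    status=0

    if [ "$priv" != "yes" ]; then
        echo "$f: UsePrivilegeSeparation is '$priv' (advisory requires yes)"
        status=1
    fi
    if ssh1_enabled "$f" && [ "$cra" != "no" ]; then
        echo "$f: ssh1 and challenge/response both enabled;" \
             "set 'Protocol 2' or 'ChallengeResponseAuthentication no'"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "$f: workaround in place"
    return "$status"
}

# write_samples DIR: constructed sample configs (not real FreeBSD files).
write_samples() {
    dir=$1
    # stock-style: everything commented out, so the defaults apply
    printf '%s\n' '#Protocol 2,1' '#ChallengeResponseAuthentication yes' \
        '#UsePrivilegeSeparation yes' > "$dir/stock"
    # hardened by hand: ssh1 off
    printf '%s\n' 'Protocol 2' 'UsePrivilegeSeparation yes' > "$dir/hardened"
    # an update re-added a stock line, but the hand edit comes first and wins
    printf '%s\n' 'Protocol 2' '# added by update' 'Protocol 2,1' \
        > "$dir/fixed_then_updated"
    # the bad way round: stock line first, hand edit appended afterwards
    printf '%s\n' 'Protocol 2,1' 'Protocol 2' > "$dir/appended_fix"
    # privsep turned off by hand: unsafe even with ssh1 disabled
    printf '%s\n' 'Protocol 2' 'UsePrivilegeSeparation no' > "$dir/no_privsep"
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
fi
```

Run it against /etc/ssh/sshd_config or /usr/local/etc/ssh/sshd_config as appropriate; an exit status of 1 means one of the advisory's conditions is not met. The "appended_fix" sample is the case to remember after every update: grep shows a `Protocol 2` line, yet sshd still honours the earlier `2,1`.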

_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug