Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 17 Aug 2018 23:02:08 +0200
From: Dariusz Tytko <dariusz.tytko@...uritum.pl>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSH Username Enumeration

Hi,

We have reported this bug on 16th July 2018. Publication of the write-up
is waiting for the official patch.

W dniu 17.08.2018 o 20:31, Salvatore Bonaccorso pisze:
> Hi,
>
> On Wed, Aug 15, 2018 at 09:05:58AM -0700, Qualys Security Advisory wrote:
>> Hi all,
>>
>> We sent the following email to openssh@...nssh.com and
>> distros@...openwall.org about an hour ago, and it was decided that we
>> should send it to oss-security@...ts.openwall.com right away (as far as
>> we know, no CVE has been assigned to this issue yet):
>>
>> ========================================================================
>>
>> While reviewing the latest OpenSSH commits, we stumbled across:
>>
>> https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
>>
>> Date:   Tue Jul 31 03:10:27 2018 +0000
>>     delay bailout for invalid authenticating user until after the packet
>>     containing the request has been fully parsed. Reported by Dariusz Tytko
>>     and Michal Sajdak; ok deraadt
>>
>> We realized that without this patch, a remote attacker can easily test
>> whether a certain user exists or not (username enumeration) on a target
>> OpenSSH server:
>>
>>   87 static int
>>   88 userauth_pubkey(struct ssh *ssh)
>>   89 {
>>  ...
>>  101         if (!authctxt->valid) {
>>  102                 debug2("%s: disabled because of invalid user", __func__);
>>  103                 return 0;
>>  104         }
>>  105         if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
>>  106             (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
>>  107             (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
>>  108                 fatal("%s: parse request failed: %s", __func__, ssh_err(r));
>>
>> The attacker can try to authenticate a user with a malformed packet (for
>> example, a truncated packet), and:
>>
>> - if the user is invalid (it does not exist), then userauth_pubkey()
>>   returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
>>   to the attacker;
>>
>> - if the user is valid (it exists), then sshpkt_get_u8() fails, and the
>>   server calls fatal() and closes its connection to the attacker.
>>
>> We believe that this issue warrants a CVE; it affects all operating
>> systems, all OpenSSH versions (we went back as far as OpenSSH 2.3.0,
>> released in November 2000), and is easier to exploit than previous
>> OpenSSH username enumerations (which were all timing attacks):
>>
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
> This new issue got assigned CVE-2018-15473 by MITRE.
>
> Regards,
> Salvatore

-- 
Dariusz Tytko

securitum.pl - bezpieczeństwo systemów IT.
sekurak.pl   - piszemy o bezpieczeństwie.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.