Date: Fri, 27 Feb 2015 10:11:36 -0500
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Florent Daigniere <florent.daigniere@...stmatta.com>, oss-security@...ts.openwall.com
Subject: dropbear and PuTTY missing DHE sanity checks [was: Re: CVE request: RFC 4253 section 8 wooes]

On Fri 2015-02-27 06:59:57 -0500, Florent Daigniere wrote:
> RFC 4253 section 8 describes how the Diffie-Hellman exchange is done in
> SSH... It mandates a few sanity bound-checks (for both the values of
> exponents and exponentials) that some implementations are not doing...
>
> Can you please assign three CVEs for the following bugs?
>
> MATTA-2015-002 PuTTY
> will be fixed in the upcoming release (0.64 I think)
> - The exponential is not checked for trivial values
>
> MATTA-2015-001 Dropbox
                 ^^^^^^^

I'm pretty sure you mean dropbear here, based on the links below.

> fixed in: https://secure.ucc.asn.au/hg/dropbear/rev/a1e79ffa5862
> - The exponential is not checked for all trivial values (it just does
> what the RFC mandates, which is clearly not enough!)
> - The exponent picked might be a trivial value (this is theoretical more
> than anything else assuming the CSPRNG is working). It's a regression
> from 0.49
> (https://secure.ucc.asn.au/hg/dropbear/diff/00703f1df67a/random.c)

regards,

--dkg
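The checks the thread is about, as an added illustration that is not code from dropbear, PuTTY or either poster: the literal RFC 4253 section 8 range test on an exponential versus the stricter test that also rejects the trivial values, plus the exponent bound. It assumes a constructed toy safe prime (p = 23, q = 11) standing in for a real SSH group so the degenerate shared secrets can be enumerated by hand.

```python
"""Sanity checks for SSH Diffie-Hellman values (RFC 4253, section 8).

Added example, not dropbear's or PuTTY's code. P is a constructed toy
safe prime (p = 2q + 1); real SSH groups use primes of 2048 bits or more.
"""

P = 23                 # constructed toy safe prime, NOT a real SSH group
Q = (P - 1) // 2       # 11, the order of the prime-order subgroup
G = 2                  # generates the order-q subgroup mod 23


def rfc4253_range_ok(v: int, p: int) -> bool:
    """The literal RFC 4253 section 8 rule: e and f must lie in [1, p-1]."""
    return 1 <= v <= p - 1


def exponential_ok(v: int, p: int) -> bool:
    """Stricter check: additionally reject the trivial exponentials 1 and p-1.

    With e = 1 the shared secret K = e^y mod p is always 1; with e = p-1 it
    is always 1 or p-1, whatever the peer's secret y is. For a safe prime
    every remaining value has order q or 2q, so this is sufficient.
    """
    return 1 < v < p - 1


def exponent_ok(x: int, q: int) -> bool:
    """RFC 4253 bound on the client's private exponent: 1 < x < q."""
    return 1 < x < q


def own_exponential(x: int, p: int = P, g: int = G) -> int:
    """e = g^x mod p, the value actually sent on the wire."""
    return pow(g, x, p)


def shared_secret(peer_exponential: int, own_exponent: int, p: int) -> int:
    """K = f^x mod p on the client, e^y mod p on the server."""
    return pow(peer_exponential, own_exponent, p)


def secrets_for_trivial_values(p: int) -> dict:
    """Enumerate K for e in {1, p-1} over every own exponent in (1, q).

    Both e values pass rfc4253_range_ok() yet pin K to one or two values,
    which is why the RFC range alone is not enough.
    """
    q = (p - 1) // 2
    return {e: sorted({shared_secret(e, y, p) for y in range(2, q)})
            for e in (1, p - 1)}
```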