Date: Wed, 22 Jul 2015 23:07:05 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request for OpenSSH vulnerability -
 authentication limits bypass

Attached patch fixes.

--mancha

On Tue, Jul 21, 2015 at 11:16:35AM +0200, king cope wrote:
> Hello list, solar designer,
> 
> Can you please add a CVE for the mentioned vulnerability in OpenSSH.
> 
> The OpenSSH server normally wouldn't allow successive authentications
> that exceed the MaxAuthTries setting in sshd_config. With this
> vulnerability the allowed login retries can be extended, limited only
> by the LoginGraceTime setting; that can be more than 10000 tries
> (depends on the network speed), and even more for local attacks.
> Technically this vulnerability affects OpenSSH. It can be found with
> FreeBSD installations because these use the keyboard-interactive
> authentication mechanism (that is the one affected) in combination
> with PAM. I haven't tested skey/bsd auth.  Note that this
> vulnerability looks pretty old; a test against FreeBSD 6.2 (2007
> release date) showed it vulnerable.  Additionally there is no delay
> between the authentication retries, but this is another issue that
> makes this vulnerability more effective.
> 
> CVE please!
> 
> Thank you,
> 
> KC
> 
> Reference: http://seclists.org/fulldisclosure/2015/Jul/92

View attachment "openssl-6.9p1_kbd-interactive.diff" of type "text/plain" (1350 bytes)
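
An added example, not part of this thread or of the attached patch: a small audit that reads sshd_config-style text and reports whether the combination named in the quoted report (keyboard-interactive authentication together with PAM) is enabled, and how long the LoginGraceTime window is. The function names, the sample config and the default values are assumptions; `Match` and `Include` handling is left out.

```python
import re

# Assumed upstream defaults; vendor builds may ship different ones.
DEFAULTS = {
    "challengeresponseauthentication": "yes",
    "usepam": "no",
    "maxauthtries": "6",
    "logingracetime": "120",
}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_config(text):
    """Return {keyword: value}; sshd uses the first value seen per keyword."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            conf.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return conf


def grace_seconds(value):
    """Convert sshd time formats such as 120, 2m or 1h30m to seconds."""
    pairs = re.findall(r"(\d+)([smhdw]?)", value.lower())
    return sum(int(n) * UNITS[u] for n, u in pairs)


def audit(text):
    """Summarise the settings the report ties to the retry-limit bypass."""
    conf = {**DEFAULTS, **parse_config(text)}
    # KbdInteractiveAuthentication falls back to ChallengeResponseAuthentication.
    kbd = conf.get("kbdinteractiveauthentication",
                   conf["challengeresponseauthentication"]) == "yes"
    grace = grace_seconds(conf["logingracetime"])
    return {
        "kbd_interactive_with_pam": kbd and conf["usepam"] == "yes",
        "max_auth_tries": int(conf["maxauthtries"]),
        "grace_seconds": grace,
        "unbounded_window": grace == 0,  # 0 disables the time limit
    }


# Constructed sample config, not taken from any real host.
SAMPLE = "# sample\nUsePAM yes\nChallengeResponseAuthentication yes\nMaxAuthTries 3\nLoginGraceTime 2m\n"
```
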
