Date: Wed, 22 Jul 2015 23:07:05 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request for OpenSSH vulnerability - authentication limits bypass Attached patch fixes. --mancha On Tue, Jul 21, 2015 at 11:16:35AM +0200, king cope wrote: > Hello list, solar designer, > > Can you please add a CVE for the mentioned vulnerability in OpenSSH. > > The OpenSSH server normally wouldn't allow successive authentications > that exceed the MaxAuthTries setting in sshd_config, with this > vulnerability the allowed login retries can be extended limited only > by the LoginGraceTime setting, that can be more than 10000 tries > (depends on the network speed), and even more for local attacks. > Technically this vulnerability affects OpenSSH. It can be found with > FreeBSD installations because these use the keyboard-interactive > authentication mechanism (that is the one affected) in combination > with pam. I haven't tested skey/bsd auth. To note that this > vulnerability looks pretty old, a test against FreeBSD 6.2 (2007 > release date) showed it vulnerable. Additionally there is no delay > between the authentication retries, but this is another issue that > makes this vulnerability more effective. > > CVE please! > > Thank you, > > KC > > Reference: http://seclists.org/fulldisclosure/2015/Jul/92 View attachment "openssl-6.9p1_kbd-interactive.diff" of type "text/plain" (1350 bytes) Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ