Date: Wed, 12 Aug 2015 10:39:00 +0200
From: Adam Maris <amaris@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - OpenSSH 6.9 PAM privilege separation
 vulnerabilities


On 11/08/15 20:40, Moritz Jodeit wrote:
> Hello list,
>
> could you please assign two CVE IDs for the following two security
> issues fixed in OpenSSH 7.0 (directly taken from the release notes [1]):
>
>   * sshd(8): Portable OpenSSH only: Fixed a privilege separation
>     weakness related to PAM support. Attackers who could successfully
>     compromise the pre-authentication process for remote code
>     execution and who had valid credentials on the host could
>     impersonate other users.  Reported by Moritz Jodeit.
>
>   * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
>     related to PAM support that was reachable by attackers who could
>     compromise the pre-authentication process for remote code
>     execution. Also reported by Moritz Jodeit.
>
> [1] http://www.openssh.com/txt/release-7.0
>
> Thank you,
> Moritz
Could you assign CVEs for the other two issues as well?

  * sshd(8): fix circumvention of MaxAuthTries using keyboard-
    interactive authentication. By specifying a long, repeating
    keyboard-interactive "devices" string, an attacker could request
    the same authentication method be tried thousands of times in
    a single pass. The LoginGraceTime timeout in sshd(8) and any
    authentication failure delays implemented by the authentication
    mechanism itself were still applied. Found by Kingcope.

  * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
    writable. Local attackers may be able to write arbitrary messages
    to logged-in users, including terminal escape sequences.
    Reported by Nikolay Edigaryev.

Or have they CVEs already?

Thanks.

-- 
Adam Maris / Red Hat Product Security
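
An added example, not part of the original message and not OpenSSH code: a defender-side audit for the world-writable TTY issue in the second item above, listing pseudo-terminals whose mode has the other-write bit set. The `/dev/pts/*` location (Linux) and the function and parameter names are assumptions made for this example.

```python
import glob
import os
import pwd
import stat


def world_writable_ttys(pattern="/dev/pts/*", devices_only=True):
    """Return (path, owner, octal mode) for each terminal that any local user can write to.

    pattern      -- glob for terminal device nodes (assumed Linux devpts layout)
    devices_only -- skip anything that is not a character device
    """
    findings = []
    for path in sorted(glob.glob(pattern)):
        if os.path.basename(path) == "ptmx":
            continue  # the pty multiplexer node, not a user's terminal
        try:
            st = os.stat(path)
        except OSError:
            continue  # the session ended between glob() and stat()
        if devices_only and not stat.S_ISCHR(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:  # "other" write bit, e.g. mode 0622
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                owner = str(st.st_uid)  # uid with no passwd entry
            findings.append((path, owner, oct(stat.S_IMODE(st.st_mode))))
    return findings


if __name__ == "__main__":
    hits = world_writable_ttys()
    for path, owner, mode in hits:
        print(f"{path} owner={owner} mode={mode} world-writable")
    if not hits:
        print("no world-writable terminals found")
```

Running it on a host with active SSH sessions shows whether any logged-in user's terminal accepts writes from other local accounts.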
