Date: Mon, 19 Dec 2016 11:21:45 -0500 From: <cve-assign@...re.org> To: <oss-security@...ts.openwall.com> CC: <cve-assign@...re.org> Subject: Re: Announce: OpenSSH 7.4 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > ssh-agent(1): Will now refuse to load PKCS#11 modules from paths > outside a trusted whitelist > ... > code execution on the system running the ssh-agent if the > attacker has control of the forwarded agent-socket (on the host > running the sshd server) and the ability to write to the filesystem > of the host running ssh-agent Use CVE-2016-10009. > sshd(8): When privilege separation is disabled, forwarded Unix- > domain sockets would be created by sshd(8) with the privileges of > 'root' Use CVE-2016-10010. > sshd(8): Avoid theoretical leak of host private key material to > privilege-separated child processes via realloc() Use CVE-2016-10011. > sshd(8): The shared memory manager used by pre-authentication > compression support had a bounds checks that could be elided by > some optimising compilers > ... > potentially allow attacks against the > privileged monitor process from the sandboxed privilege-separation > process Use CVE-2016-10012. > * sshd(8): Validate address ranges for AllowUser and DenyUsers > directives at configuration load time and refuse to accept invalid > ones. It was previously possible to specify invalid CIDR address > ranges (e.g. user@....1.2.3/55) and these would always match, > possibly resulting in granting access where it was not intended. This currently has no CVE ID. We do not know of common scenarios where an untrusted party is able to specify an invalid CIDR block, but is unable to specify a valid CIDR block that includes any desired IP address. A relevant scenario might exist if privileged third-party software relies, in part, on user input to construct an sshd configuration file. Even if there were such a scenario, it would probably be the responsibility of third-party software to validate the meaning of the CIDR block, and not (for example) accept any string starting with "10." and ending with "/n" where n is greater than 26. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYWAhyAAoJEHb/MwWLVhi2iicP/iUDlPu9wQq9QSAu4UTMZv+g 2m8qA2vyUQKvavzuWFaDADfRpKTMW70IOo3jt3WhOmmt56dp06eF8lLtRzucwkMb sDFQZQ1PJtbYZjNjgxVBjaZ/4DJOhs0J4QHXumIc617mgGqm1QrCTc0kU3qRBpJ7 k/mDov8fQYBhHE0w0FUvn3ofC1ywoI12rThzbX+AfmlRcSXQ9h6N6608bF1mi3yJ Opcgn72HtLJhWB/ABzCmjEFzskJEWiMSEBGQFD5Ct63r2g9mUe0Q9NuTtzQHdngw HdThZ9tfDQ69O33K0R0vG7YQv2KUGTox3nBBjg+Wi4xkEqY0lk0xy1sGUEPyOYcQ JtGbyHoc3aQqDC63KvFQuXRV2jMsKefQSTZclK3GZ3DwDzCq5+q16htNvQ71sU1V TiqQarip0qvmk+VDiI54lWaS5bgLHBPHbKfHlTOElOrjKbYrNmTniNA8nHLR+cSf mniHUcmZEY1fyP3SllLfE/dYhYY/3nc73d43ds23pUWixRHZN+H73iboep/6cHfg BZQ+eZzoxfxv6Bo6nN/o74zc4zvU42pkDwAlOPQzoWpmQO8982Z4BV8INTXpTwSM lsZ60sHyk/wYIjN9+3vK7dzjpLPf7ZV+ifeVnqxtgE2Pol5c3rnVipDAWwy9ZVZX 3nNNmJLRnyazekpyflpT =kEDT -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ