===========================================================================
             AUSCERT External Security Bulletin Redistribution

               ESB-2002.312 -- NetBSD Security Advisory 2002-005
    OpenSSH protocol version 2 challenge-response authentication vulnerability
                               28 June 2002
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                OpenSSH
Vendor:                 NetBSD
Operating System:       NetBSD-current: prior to May 14, 2002
                        NetBSD-1.6_BETAx
                        NetBSD-1.5.2
                        NetBSD-1.5.1
                        NetBSD-1.5
Impact:                 Root Compromise
Access Required:        Remote

Ref:                    AL-2002.05
                        AA-2002.05

--------------------------BEGIN INCLUDED TEXT--------------------

                 NetBSD Security Advisory 2002-005
                 =================================

Topic:          OpenSSH protocol version 2 challenge-response authentication
                vulnerability

Version:        NetBSD-current:         prior to May 14, 2002
                NetBSD-1.6_BETAx:       affected
                NetBSD-1.5.2:           affected
                NetBSD-1.5.1:           affected
                NetBSD-1.5:             affected
                NetBSD-1.4.*:           not affected (does not ship with OpenSSH)
                pkgsrc:                 packages prior to openssh-18.104.22.168

Severity:       high, remote root compromise

Workaround:     NetBSD-current:         May 14, 2002
                NetBSD-1.6 branch:      partial by default (priv sep)
                NetBSD-1.5 branch:      instructions below, OpenSSH 3 and later
                pkgsrc:                 June 25, 2002 (with openssh-22.214.171.124)

Fixed:          NetBSD-current:         June 26, 2002 (OpenSSH 3.4)
                NetBSD-1.6 branch:      June 26, 2002 (OpenSSH 3.4)
                NetBSD-1.5 branch:      June 26, 2002 (patch on advisory)
                pkgsrc:                 June 26, 2002 (with openssh-126.96.36.199)

                Version string "NetBSD_Secure_Shell-20020626" will identify
                that the fix is in place.

Abstract
========

OpenSSH has a vulnerability in protocol version 2 challenge-response
authentication. OpenSSH 3.4 must be installed to completely overcome the
problem.
Technical Details
=================

Vulnerability itself:

        http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584
        http://openssh.org/txt/iss.adv
        http://openssh.org/txt/preauth.adv

CERT CA-2002-18
        http://www.cert.org/advisories/CA-2002-18.html
        http://www.kb.cert.org/vuls/id/369347

Solutions and Workarounds
=========================

Some workarounds are available, which may somewhat mitigate the risk:

- Turn off challenge-response authentication by having the following in
  sshd_config:

        ChallengeResponseAuthentication no

  On some systems, the following option is also required together with the
  above. It is not relevant for NetBSD.

        PAMAuthenticationViaKbdInt no

  Note that turning these features off will disable SSH logins via S/Key
  (OTP) authentication. Compiling OpenSSH without support for S/Key and PAM
  authentication will also eliminate this vulnerability.

- If you do not require SSH Protocol version 2 support, disabling it will
  eliminate the vulnerable code path. Remember that version 1 is considered
  significantly less secure than version 2, so this workaround is not
  recommended for long-term use. Additionally, if your users use version 2
  authentication methods, they will be unable to connect.

- The new Privilege Separation feature (available since OpenSSH 3.2.x) has
  been promoted as a potential mitigation of this issue. This feature is
  available in NetBSD-current as of May 14th, and is enabled by default.
  Privilege Separation might provide a benefit, potentially preventing this
  or future vulnerabilities from being root exploits and limiting their
  impact to a denial of service. Although a useful defensive feature, this
  is not guaranteed, especially given that the implementation has not yet
  met the test of time. Do not avoid patching this issue simply because you
  have enabled Privilege Separation.
  Effect of privilege separation:

        http://www.citi.umich.edu/u/provos/ssh/privsep.html

The following instructions describe how to upgrade your OpenSSH binaries by
updating your source tree and rebuilding and installing a new version.

Releases of NetBSD 1.5.3 and NetBSD 1.6 are imminent. This is a reminder to
consider upgrading when they are available, if you are running anything older
than NetBSD 1.5.3. Many security-related improvements have been made.

To check if your system has a vulnerable version of sshd, run "sshd -V" (it
is an invalid argument, but it will present the version number). Any version
dated "NetBSD_Secure_Shell-20020626" or later will identify that the fix is
in place. Although workarounds were provided above, update your binaries to
make very sure that you don't have vulnerable binaries around.

* NetBSD-current:

        Systems running NetBSD-current dated from before 2002-05-13 should
        be upgraded to NetBSD-current dated 2002-05-14 or later if you wish
        to use privilege separation support as a stopgap measure. It is
        recommended to update to source dated 2002-06-26 for a complete fix
        (with OpenSSH 3.4).

        The following directories need to be updated from the netbsd-current
        CVS branch (aka HEAD):

                crypto/dist/ssh
                usr.bin/ssh

        To update from CVS, re-build, and re-install:

                # cd src
                # cvs update -d -P crypto/dist/ssh usr.bin/ssh
                # cd usr.bin/ssh
                # make cleandir dependall
                # make install

        You also need to have an sshd UID and GID, as well as the
        /var/chroot/sshd directory (chroot jail), as below:

        Create a group, with /usr/sbin/groupadd, or vi /etc/group:

                sshd:*:16:

        Create a user, with vipw, or /usr/sbin/useradd:

                sshd:*:16:16::0:0:sshd privsep:/var/chroot/sshd:/sbin/nologin

        Create the directory /var/chroot/sshd.

        Make sure you have "UsePrivilegeSeparation yes" in your
        /etc/ssh/sshd_config (or it can be commented out, as the default
        value is "yes"), to mitigate future issues.
* NetBSD 1.6 and beta:

        Systems running NetBSD 1.6 beta have OpenSSH privilege separation
        turned on by default. Follow the workaround section as appropriate
        for your environment, and upgrade to source dated 2002-06-26 (with
        OpenSSH 3.4) to close this vulnerability. NetBSD 1.6 will ship with
        OpenSSH 3.4, which has a complete fix.

        The following directories need to be updated from the netbsd-1-6
        CVS branch:

                crypto/dist/ssh
                usr.bin/ssh

        To update from CVS, re-build, and re-install:

                # cd src
                # cvs update -d -P crypto/dist/ssh usr.bin/ssh
                # cd usr.bin/ssh
                # make cleandir dependall
                # make install

        The sshd user, group, and chroot jail directories should already
        exist in a 1.6 installation.

* NetBSD 1.5, 1.5.1, 1.5.2:

        Systems running NetBSD 1.5.* releases dated from before 2002-06-26
        should be upgraded to sources dated 2002-06-26 or later. Sources on
        the branch after that date include changes presented in the
        following advisory:

                http://openssh.org/txt/preauth.adv

        NOTE: the upgrade process pulls in the changes presented in that
        advisory. Therefore, (1) it won't get you OpenSSH 3.4, and (2) it
        won't make your sshd support privilege separation. If you need to
        enable privilege separation, install OpenSSH from pkgsrc
        (openssh-188.8.131.52).

        The following directories need to be updated from the netbsd-1-5
        CVS branch:

                crypto/dist/ssh
                usr.bin/ssh

        To update from CVS, re-build, and re-install:

                # cd src
                # cvs update -d -P crypto/dist/ssh usr.bin/ssh
                # cd usr.bin/ssh
                # make cleandir dependall
                # make install

* pkgsrc: (All systems, including NetBSD 1.4.*)

        For a complete fix, openssh-184.108.40.206 or later should be
        installed from pkgsrc/security/openssh. See above, as well as
        console messages during the pkgsrc build, for instructions to enable
        privilege separation functionality.

Thanks To
=========

Markus Friedl and Jun-ichiro itojun Hagino for patches, and initial advisory
text.
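The advisory gives two things an administrator can check on a NetBSD host: the "NetBSD_Secure_Shell-YYYYMMDD" date that "sshd -V" prints (20020626 or later means the fix is in), and whether the sshd_config workaround (ChallengeResponseAuthentication no) or the privilege-separation stopgap (UsePrivilegeSeparation yes) is in effect. The script below is an added example, not part of the NetBSD or AusCERT advisory; the function names (ssh_version_fixed, sshd_config_value, assess_sshd) and the sample config are constructed, and it assumes sshd honours the first occurrence of a keyword in sshd_config.

```shell
#!/bin/sh
# Added example, not part of the NetBSD/AusCERT advisory: classify a NetBSD
# sshd as fixed, mitigated or still exposed, using the two checks the advisory
# gives: the "NetBSD_Secure_Shell-YYYYMMDD" date in the sshd version string
# (20020626 or later means fixed) and the sshd_config workaround settings.
# Assumes the version string is what "sshd -V" prints and that sshd honours
# the first occurrence of a keyword in sshd_config (keywords case-insensitive).

# Succeed (exit 0) when the version string carries a fix date of 20020626 or later.
ssh_version_fixed() {
    d=$(printf '%s\n' "$1" | sed -n 's/.*NetBSD_Secure_Shell-\([0-9]\{8\}\).*/\1/p')
    [ -n "$d" ] && [ "$d" -ge 20020626 ]
}

# Print the effective (lower-cased) value of a sshd_config keyword: the first
# uncommented match, or the supplied default when the keyword is absent.
sshd_config_value() {  # $1 = config file, $2 = keyword, $3 = default
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# Print one of: fixed, mitigated (challenge-response off), privsep-only
# (privilege separation on but the bug still reachable), vulnerable.
assess_sshd() {  # $1 = version string, $2 = path to sshd_config
    if ssh_version_fixed "$1"; then
        echo fixed
    elif [ "$(sshd_config_value "$2" ChallengeResponseAuthentication yes)" = no ]; then
        echo mitigated
    elif [ "$(sshd_config_value "$2" UsePrivilegeSeparation yes)" = yes ]; then
        echo privsep-only
    else
        echo vulnerable
    fi
}

# Demo on a constructed sshd_config (sample input, not from any real host).
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' 'Port 22' '#ChallengeResponseAuthentication yes' \
        'ChallengeResponseAuthentication no' 'UsePrivilegeSeparation no' > "$cfg"
    assess_sshd 'NetBSD_Secure_Shell-20020514' "$cfg"   # prints "mitigated"
    assess_sshd 'NetBSD_Secure_Shell-20020626' "$cfg"   # prints "fixed"
    rm -f "$cfg"
}
# On a real host: assess_sshd "$(sshd -V 2>&1)" /etc/ssh/sshd_config
demo
```

A host reported as "privsep-only" still has the vulnerable code reachable; the advisory is explicit that privilege separation is not a substitute for the fix.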
Revision History
================

        2002-06-26      Initial release

More Information
================

An up-to-date PGP signed copy of this release will be maintained at

        ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-005.txt.asc

Information about NetBSD and NetBSD security can be found at

        http://www.NetBSD.ORG/
        http://www.NetBSD.ORG/Security/

Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2002-005.txt,v 1.25 2002/06/27 14:27:43 david Exp $

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to email@example.com and we
will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is the
responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
original authors to ensure that the information is still current.
Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email:  firstname.lastname@example.org
Facsimile:       (07) 3365 7031
Telephone:       (07) 3365 4417 (International: +61 7 3365 4417)
                 AusCERT personnel answer during Queensland business hours
                 which are GMT+10:00 (AEST).
                 On call after hours for member emergencies.