Bug 664264 (CVE-2018-15473) - <net-misc/openssh-7.7_p1-r8: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
Status: RESOLVED FIXED
Alias: CVE-2018-15473
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A4 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-22 14:34 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-21 22:37 UTC

See Also:
Package list:
net-misc/openssh-7.7_p1-r9
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-22 14:34:48 UTC
CVE-2018-15473 (https://nvd.nist.gov/vuln/detail/CVE-2018-15473):
  OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not
  delaying bailout for an invalid authenticating user until after the packet
  containing the request has been fully parsed, related to auth2-gss.c,
  auth2-hostbased.c, and auth2-pubkey.c.
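The ordering problem described in the CVE text, as a simplified C model added here (not OpenSSH source and not part of the bug report). The wire format, the function names, the assumption that the presented key is never authorized, and the assumption that a parse error ends the session differently from an ordinary authentication failure are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not OpenSSH code: what the client can observe. */
enum outcome { REPLY_AUTH_FAILURE, SESSION_ABORTED };

/* Constructed wire format: 4-byte big-endian length, then exactly that
 * many bytes of key blob. Returns 0 if well formed, -1 if malformed. */
static int parse_request(const uint8_t *pkt, size_t len)
{
    if (len < 4)
        return -1;
    uint32_t n = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                 ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
    return (n == len - 4) ? 0 : -1;
}

/* Ordering before the fix: the invalid-user bailout runs before parsing,
 * so only requests for existing users ever reach the parser's error path. */
enum outcome handle_before_fix(int user_valid, const uint8_t *pkt, size_t len)
{
    if (!user_valid)
        return REPLY_AUTH_FAILURE;
    if (parse_request(pkt, len) != 0)
        return SESSION_ABORTED;
    return REPLY_AUTH_FAILURE;   /* assumption: key is not authorized */
}

/* Ordering after the fix: parse the whole request first, then bail out. */
enum outcome handle_after_fix(int user_valid, const uint8_t *pkt, size_t len)
{
    if (parse_request(pkt, len) != 0)
        return SESSION_ABORTED;
    if (!user_valid)
        return REPLY_AUTH_FAILURE;
    return REPLY_AUTH_FAILURE;   /* assumption: key is not authorized */
}

/* Returns 1 if the observable outcome for this packet depends on whether
 * the user exists, which is the condition a regression test should reject. */
int leaks_user_validity(enum outcome (*h)(int, const uint8_t *, size_t),
                        const uint8_t *pkt, size_t len)
{
    return h(1, pkt, len) != h(0, pkt, len);
}
```

A regression test for this class of bug asserts that `leaks_user_validity` is 0 for both well-formed and malformed requests.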
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-22 14:37:35 UTC
Fixed since
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1972d34210086aa07183ca4b412b7d1888c3971
Comment 2 Larry the Git Cow gentoo-dev 2018-08-22 15:00:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd4e2c022dec6fedeabe2613d8968b3931766432

commit bd4e2c022dec6fedeabe2613d8968b3931766432
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-22 14:59:53 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-22 15:00:09 +0000

    net-misc/openssh: partial security cleanup
    
    Bug: https://bugs.gentoo.org/664264
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-misc/openssh/Manifest                 |   6 -
 net-misc/openssh/openssh-7.6_p1-r5.ebuild | 342 ----------------------
 net-misc/openssh/openssh-7.7_p1-r6.ebuild | 460 ------------------------------
 net-misc/openssh/openssh-7.7_p1-r7.ebuild | 444 ----------------------------
 net-misc/openssh/openssh-7.7_p1-r8.ebuild | 444 ----------------------------
 5 files changed, 1696 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=419a4fbd29c45b46b5caffa4d8c775693f596a27

commit 419a4fbd29c45b46b5caffa4d8c775693f596a27
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-22 14:57:16 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-22 15:00:07 +0000

    net-misc/openssh: move stable keywords
    
    Bug: https://bugs.gentoo.org/664264
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-misc/openssh/openssh-7.7_p1-r9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Mart Raudsepp gentoo-dev 2018-08-22 17:52:42 UTC
arm64 stable
Comment 4 Michael Boyle 2018-08-22 23:56:28 UTC
Security please vote on whether this is a GLSA. Thank you.

Michael Boyle
Gentoo Security Padawan
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-23 00:17:19 UTC
GLSA Vote: Yes!

New GLSA request filed.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-10-06 17:04:14 UTC
This issue was resolved and addressed in
 GLSA 201810-03 at https://security.gentoo.org/glsa/201810-03
by GLSA coordinator Aaron Bauman (b-man).
Comment 7 Aaron Bauman (RETIRED) gentoo-dev 2018-10-06 17:04:37 UTC
re-opened for cleanup
Comment 8 Larry the Git Cow gentoo-dev 2018-10-06 17:42:29 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7

commit 5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-10-06 17:41:43 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-10-06 17:42:24 +0000

    net-misc/openssh: Security cleanup
    
    Closes: https://bugs.gentoo.org/664264
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 net-misc/openssh/Manifest                 |   5 -
 net-misc/openssh/metadata.xml             |   2 -
 net-misc/openssh/openssh-7.5_p1-r4.ebuild | 334 ------------------------------
 3 files changed, 341 deletions(-)
Comment 9 Larry the Git Cow gentoo-dev 2018-10-06 22:31:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbabae323c3a5684c7886cd4a56cb153ef2b2c17

commit fbabae323c3a5684c7886cd4a56cb153ef2b2c17
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-10-06 22:31:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-10-06 22:31:32 +0000

    Revert "net-misc/openssh: Security cleanup"
    
    This reverts commit 5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7.
    
    <net-misc/openssh-7.6 is still needed for dev-python/twisted.
    
    Bug: https://bugs.gentoo.org/661258
    Bug: https://bugs.gentoo.org/664264
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                 |   5 +
 net-misc/openssh/metadata.xml             |   2 +
 net-misc/openssh/openssh-7.5_p1-r4.ebuild | 334 ++++++++++++++++++++++++++++++
 3 files changed, 341 insertions(+)
Comment 10 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-06 22:32:31 UTC
Cleanup was reverted.
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-10-06 22:39:07 UTC
(In reply to Thomas Deutschmann from comment #10)
> Cleanup was reverted.

tests should be just restricted then, not vuln reverted
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2019-03-21 22:37:57 UTC
cleanup will be tracked in bug 675522