Bug 450884

Summary:	Kernel : /dev/ptmx to measure inter-keystroke timing (CVE-2013-0160)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	kernel
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2013-01-08 13:10:32 UTC

From https://bugzilla.redhat.com/show_bug.cgi?id=892983 :

A security flaw was found in the way "/dev/ptmx", a character device used to create a 
pseudo-terminal master (PTM) and slave (PTS) pair, of the Linux kernel, used to transmit data 
through the PTM when a keystroke was pressed. An unprivileged, local user could use this flaw to 
determine inter-keystroke timing (measure latency between keystrokes), possibly allowing them to 
determine effective length of an password being typed in.

References:
[1] http://vladz.devzero.fr/013_ptmx-timing.php
[2] http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
[3] http://www.openwall.com/lists/oss-security/2013/01/07/5
[4] https://bugzilla.novell.com/show_bug.cgi?id=797175

Reproducers:
[5] http://vladz.devzero.fr/svn/codes/PoC/ptmx-keystroke-latency.c
    (to display latency between keystrokes)
[6] http://vladz.devzero.fr/svn/codes/PoC/ptmx-su-pwdlen.sh
    (to determine password length)

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 18:26:41 UTC

There are no longer any 2.x or <=3.7.9 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.