I discovered that a brute force scanner could easily detect existing users by checking the ssh service if pam was compiled with USE=ssh. When you try to connect to ssh on a pam[+ssh] enabled server, the ssh client will show just "Password:" as prompt for non-existing users while it displays "SSH passphrase:" for existing users. Not sure if this should be fixed in pam or ssh. Probably in pam, as a local login prompt shows the same behaviour. Reproducible: Always Steps to Reproduce: 1. Compile pam with USE="ssh" 2. Merge configs and restart sshd 3. Try to login with bad username via ssh Actual Results: Prompt "Password" is shown instead of "SSH passphrase" which would be shown if the user existed. Expected Results: Make no difference in prompt - whether the user exists or not. Otherwise this behaviour may be exploitable to support brute force/dictionary attacks. This behaviour enables attackers to verify the existence of users which usually services try to hide from remote connections (e.g. proftpd with mod_delay, sshd still asks for a password independent of user existence, etc). It should be fixed.
CVE-2009-1273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1273): pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Created attachment 194306 [details, diff] A proposed patch to the brute-force username enumeration vulnerability. This patch should fix the vulnerability described -- which was also present in the latest version, pam_ssh-1.97.
Comment on attachment 194306 [details, diff] A proposed patch to the brute-force username enumeration vulnerability. Actually, the bug was fixed in version 1.97: > $Id: NEWS,v 1.12 2009/04/11 19:43:44 rosenauer Exp $ > > Version 1.97 > ============ > > SECURITY FIX: pam_ssh used a certain prompt if a user found to exist > to ask for the SSH passphrase explicitely depending on whether the > username was valid or invalid, which made it easier for remote > attackers to enumerate usernames. (CVE-2009-1273)
Thanks Mansour, version 1.97 is in tree, if security team wants to handle the bug.
Arches, please test and mark stable: =sys-auth/pam_ssh-1.97 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
amd64/x86 stable
Please do stable 1.97-r1 rather than -r0. Thanks!
Re-adding arches as per comment #8 and bug 279538.
alpha/arm/ia64/m68k/s390/sh/sparc stable
ppc64 done
ppc stable
glsa: yes
This issue has been fixed since Aug 09, 2009. No GLSA will be issued.
