Bug 353673 (CVE-2011-0539) - <net-misc/openssh-5.8_p1: Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential information. (CVE-2011-0539)
Summary: <net-misc/openssh-5.8_p1: Legacy certificates generated by OpenSSH might cont...
Status: RESOLVED FIXED
Alias: CVE-2011-0539
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.openssh.com/txt/legacy-cer...
Whiteboard: A4 [noglsa]
Reported: 2011-02-04 10:49 UTC by Pacho Ramos
Modified: 2011-10-08 22:40 UTC (History)


Attachments
build.log (build.log,178.37 KB, text/plain)
2011-02-08 19:22 UTC, Christian Faulhammer (RETIRED)
Full build log (build.log,91.29 KB, text/plain)
2011-02-16 23:20 UTC, Martin Kuchta

Description Pacho Ramos gentoo-dev 2011-02-04 10:49:50 UTC
As noticed by an OpenBSD developer:
http://www.openssh.com/txt/legacy-cert.adv
OpenSSH Security Advisory: legacy-certs.adv

This document may be found at: http://www.openssh.com/txt/legacy-cert.adv

1. Vulnerability

        Legacy certificates generated by OpenSSH might contain data
        from the stack thus leaking confidential information.

2. Affected configurations

        OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy
        certificates. These must be specifically requested using the
        "-t" option on the ssh-keygen CA command-line.

3. Mitigation

        Avoid generating legacy certificates using OpenSSH 5.6 or 5.7

        If legacy certificates have been issued with a vulnerable
        OpenSSH version, consider rotating any CA key used.

4. Details

        When generating legacy *-cert-v00@openssh.com certificates,
        the nonce field was not being correctly filled with random
        data but was left uninitialised, containing the contents of
        the stack.

        The contents of the stack at this point in ssh-keygen's
        execution do not appear to leak the CA private key or other
        sensitive data, but this possibility cannot be excluded on
        all platforms and library versions.

        If certificates are generated using user-specified contents
        (as opposed to the CA specifying all fields) then they will
        be less resistant to hash collision attacks. Fortunately,
        such attacks are not currently considered practical for the
        SHA family of hashes used to sign these certificates.

5. Credit

        This issue was privately reported by Mateusz Kocielski on
        January 26, 2011.

6. Fix

        OpenSSH 5.8 contains a fix for this vulnerability. Users who
        prefer to continue to use OpenSSH 5.6 or 5.7 may apply this
        patch:

Index: key.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/key.c,v
retrieving revision 1.95
diff -u -r1.95 key.c
--- key.c	10 Nov 2010 01:33:07 -0000	1.95
+++ key.c	3 Feb 2011 06:52:33 -0000
@@ -1823,8 +1823,8 @@
 	buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
 
 	/* -v01 certs put nonce first */
+	arc4random_buf(&nonce, sizeof(nonce));
 	if (!key_cert_is_legacy(k)) {
-		arc4random_buf(&nonce, sizeof(nonce));
 		buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
 	}
 

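Review bot: The comment `/* -v01 certs put nonce first */` now sits directly above the unconditional `arc4random_buf(&nonce, sizeof(nonce));` rather than the `if (!key_cert_is_legacy(k))` block it describes, so nothing in the code says why the nonce is generated for both formats. Move that comment back onto the `if`, and give the `arc4random_buf` line its own comment stating that legacy certificates also consume `nonce` at a point outside this hunk. Without it, a later cleanup could move the call back inside the branch and reintroduce the uninitialised field.
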
Thanks

Reproducible: Always
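
Added example, not part of the advisory or of OpenSSH: a Python audit for the mitigation step above that pulls the nonce out of legacy ssh-rsa-cert-v00@openssh.com certificate lines and reports any nonce that occurs in more than one certificate, which a correctly random nonce would not do. The v00 field order used here is an assumption taken from OpenSSH's PROTOCOL.certkeys description of the legacy format, only RSA certificates are handled, and the sample certificates are constructed with placeholder key material; the absence of repeats does not show that a nonce was random.

```python
import base64
import struct
from collections import Counter

LEGACY_RSA = "ssh-rsa-cert-v00@openssh.com"

def _read_string(buf, off):
    """Read an SSH wire string (uint32 big-endian length + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def legacy_rsa_nonce(pub_line):
    """Return the nonce of a legacy RSA certificate line, else None."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != LEGACY_RSA:
        return None
    blob = base64.b64decode(fields[1])
    name, off = _read_string(blob, 0)
    if name != LEGACY_RSA.encode():
        raise ValueError("key type inside blob does not match the line prefix")
    for _ in range(2):                    # mpint e, mpint n
        _, off = _read_string(blob, off)
    off += 4                              # uint32 type
    for _ in range(2):                    # key id, valid principals
        _, off = _read_string(blob, off)
    off += 16                             # uint64 valid after, uint64 valid before
    _, off = _read_string(blob, off)      # constraints
    nonce, _ = _read_string(blob, off)    # assumed v00 layout: nonce follows constraints
    return nonce

def repeated_nonces(pub_lines):
    """Map each nonce seen in more than one legacy certificate to its count."""
    seen = Counter(n for n in map(legacy_rsa_nonce, pub_lines) if n is not None)
    return {n: c for n, c in seen.items() if c > 1}

def _sample(nonce, key_id):
    """Constructed v00 line with placeholder key material and signature."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (s(LEGACY_RSA.encode()) + s(b"\x01\x00\x01") + s(b"\x00\xc1" * 8)
            + struct.pack(">I", 1) + s(key_id) + s(s(b"alice"))
            + struct.pack(">QQ", 0, 2**64 - 1) + s(b"") + s(nonce)
            + s(b"") + s(b"constructed-ca-key") + s(b"constructed-signature"))
    return LEGACY_RSA + " " + base64.b64encode(blob).decode() + " sample"

# Constructed input: two certificates share a nonce, one does not.
SAMPLES = [_sample(b"\xaa" * 32, b"user-1"), _sample(b"\xaa" * 32, b"user-2"),
           _sample(bytes(range(32)), b"user-3")]

if __name__ == "__main__":
    print({n.hex(): c for n, c in repeated_nonces(SAMPLES).items()})
```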
Comment 1 SpanKY gentoo-dev 2011-02-05 19:08:39 UTC
5.8p1 now in the tree
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-05 21:39:32 UTC
Thank you. Arches, please stabilize =net-misc/openssh-5.8_p1
Comment 3 Agostino Sarubbo gentoo-dev 2011-02-06 01:25:52 UTC
works for me on amd64!
Comment 4 Agostino Sarubbo gentoo-dev 2011-02-06 01:29:33 UTC
works also on my x86hardened
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-06 10:35:07 UTC
Are failed tests ok?  Namely: interop-tests
Comment 6 Brent Baude (RETIRED) gentoo-dev 2011-02-07 16:22:13 UTC
Christian, can you describe what you are seeing? I think forwarding.sh is hanging for me.
Comment 7 Alex Buell 2011-02-07 22:38:22 UTC
Tested OK on SPARC, ssh works properly. 
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-08 16:30:51 UTC
Stable for HPPA.
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2011-02-08 18:21:03 UTC
Stable on alpha.
Comment 10 Toralf Förster gentoo-dev 2011-02-08 19:02:06 UTC
(In reply to comment #6)
> Christian, can you describe what you are seeing? I think forwarding.sh is
> hanging for me.
> 
Here too at an almost stable x86 Gentoo.

Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-08 19:22:46 UTC
Created attachment 261861
build.log

Brent, Toralf, I see no forwarding.sh here.  SSH itself works perfectly fine.


Portage 2.1.9.25 (default/linux/x86/10.0/desktop, gcc-4.4.4, glibc-2.11.2-r3, 2.6.36-gentoo-r5 i686)
=================================================================
System uname: Linux-2.6.36-gentoo-r5-i686-AMD_Athlon-tm-_X2_Dual_Core_Processor_BE-2400-with-gentoo-1.12.14
Timestamp of tree: Tue, 08 Feb 2011 18:30:01 +0000
distcc 3.1 i686-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.6.6-r1, 3.1.2-r4
dev-util/ccache:     2.4-r9
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.4_p6-r1, 1.5-r1, 1.6.3-r1, 1.7.9-r2, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="*"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe -msse3"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /opt/openjms/config /usr/lib/fax /usr/share/config /usr/share/openvpn/easy-rsa /var/bind /var/lib/hsqldb /var/qmail/alias /var/qmail/control /var/spool/fax/etc /var/spool/torque /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/games/angband/edit/ /etc/gconf /etc/php/apache2-php5.2/ext-active/ /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.2/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.2/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=athlon-xp -pipe -msse3"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aiglx alsa applet artworkextra asf astribank audiofile bash-completion berkdb bidi bluetooth bogofilter bootsplash branding bzip2 cairo ccache cdda cddb cdparanoia cdr cli compat console consolekit cracklib crypt css cups curl custom-cflags cxx dbus deskbar dga directfb divx4linux dri dts dvd dvdr dvdread dvi emacs emboss encode evince exif extensions fam fat fbcon fbcondecor fdftk ffmpeg fontconfig foomaticdb fortran ftp gb gcj gdbm gdu gif glitz gphoto2 gpm gsf gtk gtk2 gtkhtml hal howl iconv icq idn imagemagick imlib ipv6 java javascript jpeg jpeg2k kde kpathsea libnotify libotf lm_sensors mad matroska melt mikmod mime mjpeg mmx mmxext mng modules mp3 mp4 mpeg mpeg2 mudflap mule mysql ncurses networking nforce2 nls noaudio nocardbus novideo nowebdav nptl nptlonly nss objc objc++ objc-gc ocamlopt offensive ogg opengl openmp pam pango passwordsave pcre pdf perl plotutils pmu png policykit ppds pppd prediction preview-latex print publishers python qt-static qt3support qt4 readline reports run-as-root samba sdk sdl secure-delete semantic-desktop session slang smp spell sse ssl startup-notification static-analyzer svg svga sysfs t1lib tcpd theora threads thumbnailing tiff tk toolkit-scroll-bars totem truetype truetype-fonts type1-fonts udev unicode usb userlocales vcd videos vorbis win32codecs wmf wxwindows x264 x86 xcb xface xft xml xorg xosd xpm xulrunner xv xvid zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite 
setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="mouse keyboard evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" LIRC_DEVICES="atiusb" NGINX_MODULES_HTTP="perl" PHP_TARGETS="php5-3 php5-2" RUBY_TARGETS="jruby ruby18 ree18" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 12 Markos Chandras (RETIRED) gentoo-dev 2011-02-10 22:36:51 UTC
amd64 done
Comment 13 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-11 09:48:49 UTC
Some of the test failures described here are gone for FEATURES="userpriv usersandbox". The rest are not a regression and won't hold stabilization.

ppc stable
Comment 14 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-11 13:05:54 UTC
x86 stable
Comment 15 Toralf Förster gentoo-dev 2011-02-11 16:38:16 UTC
(In reply to comment #11)
> Brent, Toralf, I see no forwarding.sh here.  SSH itself works perfectly fine.

Now the tests pass on my system too; the only changes within the last 3 days are an update of zziplib and a recompiled glibc (with debug info):

n22 ~ # grep ^CFL /etc/make.conf
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer -mfpmath=sse"

n22 ~ # grep ^CFL /etc/portage/env/sys-libs/glibc 
CFLAGS="-O2 -march=native -pipe -g -ggdb"                   
Comment 16 Raúl Porcel (RETIRED) gentoo-dev 2011-02-13 11:58:53 UTC
arm/ia64/m68k/s390/sh/sparc stable
Comment 17 Tim Sammut (RETIRED) gentoo-dev 2011-02-13 15:05:51 UTC
Thanks, everyone.

GLSA Vote: no.
Comment 18 Martin Kuchta 2011-02-16 15:18:42 UTC
Can't emerge on x86 selinux/hardened

Portage 2.1.9.25 (selinux/v2refpolicy/x86/hardened, gcc-4.4.4, glibc-2.11.2-r3, 2.6.36-hardened-r6 i686)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.36-hardened-r6-i686-Unknown_CPU_Typ-with-gentoo-1.12.14
Timestamp of tree: Wed, 16 Feb 2011 11:45:01 +0000
app-shells/bash:     4.1_p9
dev-lang/python:     2.6.6-r1, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages loadpolicy news parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://gentoo.virginmedia.com/sites/gentoo http://gentoo.virginmedia.com/ "
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/sunrise"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl alsa apache2 berkdb cdb cdr cli cracklib crypt cxx dovecot-sasl dri dvd fam fortran hardened iconv imap ipv6 kerberos libwww maildir mbox modules mudflap ncurses network-cron nis nls openmp pam pcre perc perl php pic pop3d postgres pppd python readline samba sasl selinux session ssh ssl tcpd unicode vda vhosts winbind x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

error:
i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-poino-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -fstack-protector-all  -I. -I.   -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/lib/misc/ssh-rand-helper\" -DHAVE_CONFIG_H -c nchan.c
port-linux.c: In function 'ssh_selinux_setfscreatecon':
port-linux.c:212: warning: unused variable 'context'
port-linux.c: At top level:
port-linux.c:220: error: expected identifier or '(' before 'if'
port-linux.c:222: error: expected identifier or '(' before '}' token
cc1: warning: unrecognized command line option "-Wno-unused-result"
make[1]: *** [port-linux.o] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-misc/openssh-5.8_p1/work/openssh-5.8p1/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
make: *** Waiting for unfinished jobs....
emake failed
 

Comment 19 Martin Kuchta 2011-02-16 23:20:25 UTC
Created attachment 262811
Full build log

Adding the full build log. Not sure about the Wno-unused-result warnings.
Comment 20 SpanKY gentoo-dev 2011-02-17 05:29:25 UTC
you do not report build failures in stabilization bugs.  file a new bug.
Comment 21 SpanKY gentoo-dev 2011-02-19 18:21:09 UTC
I've punted openssh-5.8_p1 and moved all the keywords to openssh-5.8_p1-r1.  the latter has a few minor issues resolved that people in stable are hitting.
Comment 22 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:29:55 UTC
CVE-2011-0539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0539):
  The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when
  generating legacy certificates using the -t command-line option in
  ssh-keygen, does not initialize the nonce field, which might allow remote
  attackers to obtain sensitive stack memory contents or make it easier to
  conduct hash collision attacks.
Comment 23 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 22:40:39 UTC
Vote: NO. Closing noglsa.