Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 595342 - <net-misc/openssh-7.3_p1-r6: Remote pre-auth crash
Summary: <net-misc/openssh-7.3_p1-r6: Remote pre-auth crash
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-28 07:59 UTC by Hanno Böck
Modified: 2016-12-07 10:33 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-09-28 07:59:37 UTC
This tweet indicates that there is a remotely triggerable crash in openssh:
https://twitter.com/robertswiecki/status/780436362105393153

Here's the supposed fix:
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737

Details are scarce. Although it's "just" a crash / NULL deref it could lock an admin out of a server if the sshd service isn't automatically restarted.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2016-09-28 08:42:52 UTC
commit c938f8ceb36e6791d096ae9df9819f6b3be5315c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Wed Sep 28 10:27:46 2016

    net-misc/openssh: Sec-revbump to fix remote pre-auth crash (bug #595342).
    
    Package-Manager: portage-2.3.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 2 Agostino Sarubbo gentoo-dev 2016-09-28 08:50:13 UTC
Ready to stabilize?
Comment 3 Lars Wendler (Polynomial-C) gentoo-dev 2016-09-28 11:23:23 UTC
Arches please test and mark stable =net-misc/openssh-7.3_p1-r6 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
Comment 4 Agostino Sarubbo gentoo-dev 2016-09-28 12:32:42 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-09-28 12:33:10 UTC
x86 stable
Comment 6 Jeroen Roovers gentoo-dev 2016-09-28 18:00:11 UTC
Stable for PPC64.
Comment 7 Jeroen Roovers gentoo-dev 2016-09-28 18:00:27 UTC
oops, wrong bug
Comment 8 Paul B. Henson 2016-09-28 19:13:24 UTC
(In reply to Hanno Boeck from comment #0)
> 
> Details are scarce. Although it's "just" a crash / NULL deref it could lock
> an admin out of a server if the sshd service isn't automatically restarted.

Unless I misunderstand, this looks like a an issue during the key exchange between the ssh client and the ssh server, which takes place with a child of the master sshd process? So you're basically DoS'ing your own session? How would this impact the parent sshd process and prevent it from spawning other children to handle other attempted connections to the server?
Comment 9 Jeroen Roovers gentoo-dev 2016-09-29 03:36:12 UTC
Stable for HPPA.
Comment 10 Jeroen Roovers gentoo-dev 2016-09-29 03:36:35 UTC
Stable for PPC64.
Comment 11 Tobias Klausmann gentoo-dev 2016-09-29 09:10:35 UTC
Stable on alpha.
Comment 12 Agostino Sarubbo gentoo-dev 2016-09-29 09:42:50 UTC
sparc stable
Comment 13 Agostino Sarubbo gentoo-dev 2016-09-29 12:40:40 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2016-09-29 13:16:31 UTC
arm stable
Comment 15 Agostino Sarubbo gentoo-dev 2016-09-29 13:33:09 UTC
ia64 stable.

Maintainer(s), please cleanup.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2016-12-07 10:33:12 UTC
This issue was resolved and addressed in
 GLSA 201612-18 at https://security.gentoo.org/glsa/201612-18
by GLSA coordinator Aaron Bauman (b-man).