Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 490728 (CVE-2013-4548) - <net-misc/openssh-{6.2_p2-r5,6.3_p1-r1} : AES-GCM memory corruption/ACE vulnerability (CVE-2013-4548)
Summary: <net-misc/openssh-{6.2_p2-r5,6.3_p1-r1} : AES-GCM memory corruption/ACE vulne...
Status: RESOLVED FIXED
Alias: CVE-2013-4548
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~1 [noglsa]
Keywords:
: 490752 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-11-08 04:23 UTC by Andrew Hamilton
Modified: 2013-11-27 21:24 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Hamilton 2013-11-08 04:23:32 UTC
From http://www.openssh.com/txt/gcmrekey.adv

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange.

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

Affected: OpenSSH 6.2 and 6.3 built against OpenSSL supporting AES-GCM are affected.

Fixed: OpenSSH 6.4

Mitigation: Disable AES-GCM in the server configuration.
Comment 1 Tim Harder gentoo-dev 2013-11-08 05:07:01 UTC
Fixed in openssh-6.3_p1-r1.

Adding 6.4 will probably have to wait for a new X509 patch.
Comment 2 Agostino Sarubbo gentoo-dev 2013-11-08 08:43:13 UTC
(In reply to Tim Harder from comment #1)
> Fixed in openssh-6.3_p1-r1.
> 
> Adding 6.4 will probably have to wait for a new X509 patch.

Please remove the affected versions.
Comment 3 Fabian Henze 2013-11-08 15:05:00 UTC
What about a fix for OpenSSH 6.2?
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2013-11-08 15:19:28 UTC
*** Bug 490752 has been marked as a duplicate of this bug. ***
Comment 5 Tim Harder gentoo-dev 2013-11-08 18:53:01 UTC
(In reply to Fabian Henze from comment #3)
> What about a fix for OpenSSH 6.2?

Done in -r5.
Comment 6 Jason A. Donenfeld gentoo-dev 2013-11-08 22:41:22 UTC
(In reply to Tim Harder from comment #1)
> Adding 6.4 will probably have to wait for a new X509 patch.

Looks to me like the only changes are s/xmalloc/xcalloc/g:

http://data.zx2c4.com/openssh-6.3-6.4.diff
Comment 7 Tim Harder gentoo-dev 2013-11-09 00:02:54 UTC
(In reply to Jason A. Donenfeld from comment #6)
> (In reply to Tim Harder from comment #1)
> > Adding 6.4 will probably have to wait for a new X509 patch.
> 
> Looks to me like the only changes are s/xmalloc/xcalloc/g:
> 
> http://data.zx2c4.com/openssh-6.3-6.4.diff

Which is why I'm not in a rush to bump 6.4, I thought that implication was obvious. :)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 21:24:58 UTC
CVE-2013-4548 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4548):
  The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2
  and 6.3, when an AES-GCM cipher is used, does not properly initialize memory
  for a MAC context data structure, which allows remote authenticated users to
  bypass intended ForceCommand and login-shell restrictions via packet data
  that provides a crafted callback address.