[Bug 3694] New: Which patch fixes the CanonicalizeHostname vulnerability?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 28 13:14:04 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3694
Bug ID: 3694
Summary: Which patch fixes the CanonicalizeHostname
vulnerability?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
As it is written in the
security(https://www.openssh.com/security.html):
February 2, 2023
ssh(1) in OpenSSH between and 6.5 and 9.1 (inclusive).
ssh(1) failed to check DNS names returned from libc for validity.
If the CanonicalizeHostname and CanonicalizePermittedCNAMEs options
were enabled, and the system/libc resolver did not check that names in
DNS responses were valid, then use of these options could allow an
attacker with control of DNS to include invalid characters (possibly
including wildcards) in names added to known_hosts files when they were
updated. These names would still have to match the
CanonicalizePermittedCNAMEs allow-list, so practical exploitation
appears unlikely.
This bug is corrected in OpenSSH 9.2.
But I do not find the fix patch, please let me know, thanks a lot.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list