[Bug 3694] New: Which patch fixes the CanonicalizeHostname vulnerability?

bugzilla-daemon at mindrot.org
Tue May 28 13:14:04 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3694

            Bug ID: 3694
           Summary: Which patch fixes the CanonicalizeHostname
                    vulnerability?
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rmsh1216 at 163.com

As it is written on the security page
(https://www.openssh.com/security.html):
February 2, 2023
ssh(1) in OpenSSH between 6.5 and 9.1 (inclusive).
ssh(1) failed to check DNS names returned from libc for validity.
If the CanonicalizeHostname and CanonicalizePermittedCNAMEs options
were enabled, and the system/libc resolver did not check that names in
DNS responses were valid, then use of these options could allow an
attacker with control of DNS to include invalid characters (possibly
including wildcards) in names added to known_hosts files when they were
updated. These names would still have to match the
CanonicalizePermittedCNAMEs allow-list, so practical exploitation
appears unlikely.
This bug is corrected in OpenSSH 9.2.

But I cannot find the fix patch. Please let me know, thanks a lot.
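
The advisory quoted above turns on a missing validity check for names returned by the resolver before they are written to known_hosts. The following is an added example of such a check in C; it is not OpenSSH's code and not the patch asked about in this report. The function name `dns_name_is_valid` and the accepted character set (letters, digits, hyphen, underscore) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not OpenSSH's code): return 1 if a resolver-supplied
 * name is safe to record as a host name, 0 otherwise. Assumed policy: labels
 * of 1..63 letters, digits, '-' or '_', not starting or ending with '-',
 * single dots between labels, at most 253 bytes, one optional trailing dot.
 */
int dns_name_is_valid(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        len--;                      /* tolerate one trailing dot (FQDN form) */
    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label_len == 0 || name[i - 1] == '-')
                return 0;           /* empty label, or label ending in '-' */
            label_len = 0;
            continue;
        }
        if (c > 127 || !(isalnum(c) || c == '-' || c == '_'))
            return 0;               /* rejects '*', '?', ',', '!', spaces */
        if (label_len == 0 && c == '-')
            return 0;               /* label may not start with '-' */
        if (++label_len > 63)
            return 0;
    }
    /* The name must end inside a label that does not end with '-'. */
    return label_len > 0 && name[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample names, as a resolver might return them. */
    const char *s[] = { "host.example.com", "*.example.com", "a,b.example.com" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-18s %s\n", s[i], dns_name_is_valid(s[i]) ? "accept" : "reject");
    return 0;
}
```

Rejecting `*`, `?`, `!` and `,` matters here because known_hosts treats them as pattern or list syntax rather than as literal host name characters.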
