OpenSSL ASN.1 vulnerability: sshd not affected
Damien Miller
djm at mindrot.org
Thu Apr 19 22:19:10 EST 2012
Hi,
Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
can be exploited to cause a heap overflow:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
function (openssh_RSA_verify):
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=HEAD;content-type=text%2Fplain
That's now eight exploitable bugs that this change has saved us from.
It's a good lesson in how excising even a relatively small amount of
complex attack surface can make a substantial difference to the security
of an application.
This gloating only applies to sshd though - private key loading still
uses the affected OpenSSL code, so if you are somehow allowing untrusted
users to supply private keys to ssh, ssh-keygen or ssh-add in a
privileged context then you should apply the OpenSSL fixes forthwith.
-d
More information about the openssh-unix-dev
mailing list