OpenSSL ASN.1 vulnerability: sshd not affected

Aris Adamantiadis aris at 0xbadc0de.be
Fri Apr 20 05:49:56 EST 2012


Le 19/04/12 14:19, Damien Miller a écrit :
> Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
> of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
> function (openssh_RSA_verify):

Hi Damien,

In order to check the impact that this bug has on other software using
libcrypto, your email caught my eye.
I have a hard day figuring out if RSA_verify from libcrypto is
vulnerable. From what I could read, this bug is only exploitable when
the ASN.1 parsing is done on BIO objects, and RSA_verify parses from
memory, thus avoiding the bug. (I could see it calls d2i_X509_SIG()
which is not bio nor fp).
OpenSSL also claims [1] that this bug is not exploitable on SSL/TLS
clients/servers, so my opinion is that OpenSSH (and other software
using RSA_verify) are not vulnerable.

But of course this doesn't alter anything in the good security
practices in use for OpenSSH, that will protect from the next ASN.1 bug :)

Aris

[1] http://www.openssl.org/news/secadv_20120419.txt


More information about the openssh-unix-dev mailing list