OpenSSL ASN.1 vulnerability: sshd not affected

Roumen Petrov openssh at roumenpetrov.info
Fri Apr 20 07:04:43 EST 2012


Damien Miller wrote:
> Hi,
>
> Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
> can be exploited to cause a heap overflow:
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
>
> Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
> of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
> function (openssh_RSA_verify):
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=HEAD;content-type=text%2Fplain
>
> That's now eight exploitable bugs that this change has saved us from.
> It's a good lesson in how excising even a relatively small amount of
> complex attack surface can make a substantial difference to the security
> of an application.
>
> This gloating only applies to sshd though - private key loading still
> uses the affected OpenSSL code, so if you are somehow allowing untrusted
> users to supply private keys to ssh, ssh-keygen or ssh-add in a
> privileged context then you should apply the OpenSSL fixes forthwith.
I cannot understand this sentence. Issue is with operation on file 
stream. I cannot remember exact version when key reading from streams 
was replaces by "atomic" operation - read file into memory and then use 
memory to parse.

Please could you clarify are user programs vulnerable or not ?

> -d
>
Roumen

-- 
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/





More information about the openssh-unix-dev mailing list