Your message dated Sat, 09 Nov 2013 21:24:51 +0000
with message-id <e1vfg1t-0003a0...@franck.debian.org>
and subject line Bug#729029: fixed in openssh 1:6.4p1-1
has caused the Debian Bug report #729029,
regarding Memory corruption vulnerability when using AES-GCM
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
729029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:6.2p2-6~bpo7
Severity: grave
Tags: patch, security, fixed-upstream
The recent security advisory from OpenSSH upstream dated 2013-11-07
mentions that "a memory corruption vulnerability exists in the
post-authentication sshd process when an AES-GCM cipher
(aes128-...@openssh.com or aes256-...@openssh.com) is selected during
kex exchange."
"If exploited, this vulnerability might permit code execution with the
privileges of the authenticated user and may therefore allow bypassing
restricted shell/command configurations."
This only applies to OpenSSH 6.2 and 6.3 built against OpenSSL
supporting AES-GCM. It has been fixed in upstream, OpenSSH 6.4.
The advisory mentions usage of the following patch:
Index: monitor_wrap.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v
retrieving revision 1.76
diff -u -p -u -r1.76 monitor_wrap.c
--- monitor_wrap.c 17 May 2013 00:13:13 -0000 1.76
+++ monitor_wrap.c 6 Nov 2013 16:31:26 -0000
@@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b
buffer_init(&b);
buffer_append(&b, blob, blen);
- newkey = xmalloc(sizeof(*newkey));
+ newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
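Review bot: switching `xmalloc` to `xcalloc` zero-fills the whole newkeys structure before `enc`, `mac` and `comp` are populated from the blob, but nothing in the hunk records which field was previously read uninitialized; a one-line comment naming it (or an explicit assignment of that field next to the three pointer setups) would make the fix reviewable and keep a later refactor from reintroducing the same uninitialized-memory problem. It is also worth confirming whether other allocations of this structure need the same change.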
Alternatively, AES-GCM should be disabled in sshd_config as a workaround
to this vulnerability.
See also: <http://www.openssh.com/txt/gcmrekey.adv>
Linux edi 3.10-0.bpo.3-amd64 #1 SMP Debian 3.10.11-1~bpo70+1
(2013-09-24) x86_64 GNU/Linux
openssh-server: 1:6.2p2-6~bpo7
openssl: 1.0.1e-2
--
Patrick Godschalk
arg...@argure.nl
GPG: <https://argure.nl/identity/ecc14594.asc>
This e-mail falls under the CC0 1.0 Universal Public Domain Dedication.
--- End Message ---
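Triage helpers for the report above, as an added example that is not code from the bug report, from Debian or from OpenSSH: they check whether a version banner falls in the affected 6.2/6.3 range, whether an sshd_config explicitly lists the AES-GCM ciphers, and derive the "Ciphers" line with those entries removed, which is the workaround the report describes. The sample config is constructed; `sshd -T` on the real host shows the effective list when no Ciphers directive is set.

```shell
#!/bin/sh
# Added example (not from the bug report or OpenSSH): CVE-2013-4548 triage.
# Checks an OpenSSH version string against the affected 6.2/6.3 range, checks
# whether an sshd_config explicitly enables AES-GCM, and derives a Ciphers
# line with the GCM entries removed (the workaround named in the report).

# $1: version banner such as the first word of `ssh -V` output.
# Returns 0 when the OpenSSH major.minor is 6.2 or 6.3, 1 otherwise.
openssh_version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\.[0-9]*\).*/\1/p')
    case "$ver" in
        6.2|6.3) return 0 ;;
        *)       return 1 ;;
    esac
}

# $1: path to an sshd_config. Prints the value of the first Ciphers directive
# (the first one wins in sshd, as for most keywords), or nothing if unset.
# Match blocks are not modelled here.
first_ciphers_directive() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1"
}

# $1: path to an sshd_config. Prints "unset" (built-in default list applies),
# "enabled" (a GCM cipher is listed) or "disabled".
gcm_cipher_status() {
    ciphers=$(first_ciphers_directive "$1")
    if [ -z "$ciphers" ]; then echo unset
    elif printf '%s\n' "$ciphers" | tr ',' '\n' | grep -qi 'gcm@openssh\.com$'; then echo enabled
    else echo disabled
    fi
}

# $1: path to an sshd_config. Prints a replacement "Ciphers ..." line without
# the GCM entries; fails (prints nothing) if removing them would leave no cipher.
gcm_workaround_line() {
    kept=$(first_ciphers_directive "$1" | tr ',' '\n' | grep -vi 'gcm@openssh\.com$' | paste -s -d ',' -)
    [ -n "$kept" ] || return 1
    echo "Ciphers $kept"
}

# Constructed sample config (not from a real host) for the demonstration.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes128-ctr
EOF

if openssh_version_affected "OpenSSH_6.2p2" && [ "$(gcm_cipher_status "$SAMPLE_CFG")" = enabled ]; then
    echo "affected build with GCM enabled; apply: $(gcm_workaround_line "$SAMPLE_CFG")"
fi
```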
--- Begin Message ---
Source: openssh
Source-Version: 1:6.4p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 729...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Sat, 09 Nov 2013 18:24:16 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.4p1-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5 - secure shell client and server (transitional package)
Closes: 158590 436052 651357 729029
Changes:
openssh (1:6.4p1-1) unstable; urgency=high
  .
  * New upstream release. Important changes:
    - 6.3/6.3p1 (http://www.openssh.com/txt/release-6.3):
      + sftp(1): add support for resuming partial downloads using the
        "reget" command and on the sftp commandline or on the "get"
        commandline using the "-a" (append) option (closes: #158590).
      + ssh(1): add an "IgnoreUnknown" configuration option to selectively
        suppress errors arising from unknown configuration directives
        (closes: #436052).
      + sftp(1): update progressmeter when data is acknowledged, not when
        it's sent (partially addresses #708372).
      + ssh(1): do not fatally exit when attempting to cleanup
        multiplexing-created channels that are incompletely opened
        (closes: #651357).
    - 6.4/6.4p1 (http://www.openssh.com/txt/release-6.4):
      + CVE-2013-4548: sshd(8): fix a memory corruption problem triggered
        during rekeying when an AES-GCM cipher is selected (closes:
        #729029). Full details of the vulnerability are available at:
        http://www.openssh.com/txt/gcmrekey.adv
  * When running under Upstart, only consider the daemon started once it is
    ready to accept connections (by raising SIGSTOP at that point and using
    "expect stop").
Package-Type: udeb
--- End Message ---