Debian Bug report logs - #506115
openssh: Plaintext Recovery Attack Against SSH

version graph

Package: openssh; Maintainer for openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;

Reported by: Hideki Yamane <henrich@debian.or.jp>

Date: Tue, 18 Nov 2008 13:48:05 UTC

Severity: normal

Found in version openssh/1:5.1p1-5

Fixed in version openssh/1:5.2p1-1

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 18 Nov 2008 13:48:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 18 Nov 2008 13:48:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Hideki Yamane <henrich@debian.or.jp>
To: submit@bugs.debian.org
Subject: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 18 Nov 2008 22:44:02 +0900
[Message part 1 (text/plain, inline)]
package: openssh
servity: grave
tag: security upstream

Hi OpenSSH package maintainers (and lists),

 I saw new OpenSSH vulnerability issue.
 See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

 It says
"The attack was verified against the following product version running on Debian GNU/Linux:

- OpenSSH 4.7p1

Other versions are also affected. Other implementations of the SSH
protocol may also be affected."

 and upstream was reported this issue by CPNI (they say). IMHO, we should
 contact to upstream and wait to be put a solution from them.


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 18 Nov 2008 14:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 18 Nov 2008 14:42:06 GMT) Full text and rfc822 format available.

Message #10 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Hideki Yamane <henrich@debian.or.jp>, 506115@bugs.debian.org
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 18 Nov 2008 14:40:48 +0000
On Tue, Nov 18, 2008 at 10:44:02PM +0900, Hideki Yamane wrote:
> package: openssh
> servity: grave
> tag: security upstream
> 
> Hi OpenSSH package maintainers (and lists),
> 
>  I saw new OpenSSH vulnerability issue.
>  See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
> 
>  It says
> "The attack was verified against the following product version running on Debian GNU/Linux:
> 
> - OpenSSH 4.7p1
> 
> Other versions are also affected. Other implementations of the SSH
> protocol may also be affected."
> 
>  and upstream was reported this issue by CPNI (they say). IMHO, we should
>  contact to upstream and wait to be put a solution from them.

I'm aware of this and would be absolutely astonished if upstream
weren't; I'm keeping an eye on CVS for an update.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Thu, 20 Nov 2008 19:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Thu, 20 Nov 2008 19:12:04 GMT) Full text and rfc822 format available.

Message #15 received at 506115@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.org>
To: Hideki Yamane <henrich@debian.or.jp>
Cc: 506115@bugs.debian.org
Subject: Re: openssh: Plaintext Recovery Attack Against SSH
Date: Thu, 20 Nov 2008 20:09:33 +0100
severity 506115 grave
thanks

On 2008-11-18 22:44:02 +0900, Hideki Yamane wrote:
> package: openssh
> servity: grave

I assume this is a typo (severity, not servity).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)




Severity set to `grave' from `normal' Request was from Vincent Lefevre <vincent@vinc17.org> to control@bugs.debian.org. (Thu, 20 Nov 2008 19:12:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Fri, 21 Nov 2008 11:51:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 21 Nov 2008 11:51:10 GMT) Full text and rfc822 format available.

Message #22 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Hideki Yamane <henrich@debian.or.jp>, 506115@bugs.debian.org
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Fri, 21 Nov 2008 11:49:01 +0000
severity 506115 normal
thanks

On Tue, Nov 18, 2008 at 02:40:48PM +0000, Colin Watson wrote:
> On Tue, Nov 18, 2008 at 10:44:02PM +0900, Hideki Yamane wrote:
> > Hi OpenSSH package maintainers (and lists),
> > 
> >  I saw new OpenSSH vulnerability issue.
> >  See http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
> > 
> >  It says
> > "The attack was verified against the following product version running on Debian GNU/Linux:
> > 
> > - OpenSSH 4.7p1
> > 
> > Other versions are also affected. Other implementations of the SSH
> > protocol may also be affected."
> > 
> >  and upstream was reported this issue by CPNI (they say). IMHO, we should
> >  contact to upstream and wait to be put a solution from them.
> 
> I'm aware of this and would be absolutely astonished if upstream
> weren't; I'm keeping an eye on CVS for an update.

Upstream have put out the following advisory notice now:

  http://www.openssh.com/txt/cbc.adv

  OpenSSH Security Advisory: cbc.adv
  
  Regarding the "Plaintext Recovery Attack Against SSH" reported as
  CPNI-957037[1]:
  
  The OpenSSH team has been made aware of an attack against the SSH
  protocol version 2 by researchers at the University of London.
  Unfortunately, due to the report lacking any detailed technical
  description of the attack and CPNI's unwillingness to share necessary
  information, we are unable to properly assess its impact.
  
  Based on the description contained in the CPNI report and a slightly
  more detailed description forwarded by CERT this issue appears to be
  substantially similar to a known weakness in the SSH binary packet
  protocol first described in 2002 by Bellare, Kohno and Namprempre[2].
  The new component seems to be an attack that can recover 14 bits of
  plaintext with a success probability of 2^-14, though we suspect this
  underestimates the work required by a practical attack.
  
  For most SSH usage scenarios, this attack has a very low likelihood of
  being carried out successfully - each attempt has a low probability
  of success and each failure will cause connection termination with a
  fatal error. It is therefore very unlikely for an interactive session
  to be usefully attacked using this protocol weakness: an attacker would
  expect around 32768 connection-killing attempts before they are likely
  to succeed. This level of disruption would certainly be noticed and it
  is highly unlikely that any user would retry the connection enough times
  for the attack to succeed.
  
  The usage pattern where the attack is most likely to succeed is where an
  automated connection is configured to retry indefinitely in the event of
  errors. In this case, it might be possible to recover as much as 14 bits
  of plaintext per hour (assuming a very fast 10 connections per second).
  Implementing a limit on the number of connection retries (e.g. 256) is
  sufficient to render the attack infeasible for this case.
  
  AES CTR mode and arcfour ciphers are not vulnerable to this attack at
  all. These may be preferentially selected by placing the following
  directive in sshd_config and ssh_config:
  
  Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
  
  A future version of OpenSSH may make CTR mode ciphers the default and/or
  implement other countermeasures, but at present we do not feel that this
  issue is serious enough to make an emergency release.
  
  -d
  
  [1] http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
  [2] http://www.cs.washington.edu/homes/yoshi/papers/TISSEC04/

Accordingly, I'm downgrading this bug; I'd rather not rush out a
configuration change (which could well break interoperability with
unusual servers; it wouldn't be the first time) when upstream doesn't
feel it's urgent enough to do so themselves.

-- 
Colin Watson                                       [cjwatson@debian.org]




Severity set to `normal' from `grave' Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2008 11:51:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Fri, 21 Nov 2008 16:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 21 Nov 2008 16:33:03 GMT) Full text and rfc822 format available.

Message #29 received at 506115@bugs.debian.org (full text, mbox):

From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
To: 506115@bugs.debian.org
Cc: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Fri, 21 Nov 2008 17:29:33 +0100 (CET)
On Fri, 21 Nov 2008, Colin Watson wrote:

> Accordingly, I'm downgrading this bug; I'd rather not rush out a
> configuration change (which could well break interoperability with
> unusual servers; it wouldn't be the first time) when upstream doesn't
> feel it's urgent enough to do so themselves.

Right.  But what exactly are the pits one could fall into, should one
follow the advice?

   Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

How would one go about asking the ssh-server something like:

  What ciphers are you capable of?

from a batch job?
The answer would enable the admin to assert if interoperability allows for
such a measure.


Cheers,

-- 
Cristian




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Fri, 21 Nov 2008 18:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 21 Nov 2008 18:48:03 GMT) Full text and rfc822 format available.

Message #34 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>, 506115@bugs.debian.org
Cc: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Fri, 21 Nov 2008 18:44:53 +0000
On Fri, Nov 21, 2008 at 05:29:33PM +0100, Cristian Ionescu-Idbohrn wrote:
> On Fri, 21 Nov 2008, Colin Watson wrote:
> > Accordingly, I'm downgrading this bug; I'd rather not rush out a
> > configuration change (which could well break interoperability with
> > unusual servers; it wouldn't be the first time) when upstream doesn't
> > feel it's urgent enough to do so themselves.
> 
> Right.  But what exactly are the pits one could fall into, should one
> follow the advice?
> 
>    Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

sshd_config(5) says:

     Ciphers
             Specifies the ciphers allowed for protocol version 2.
             Multiple ciphers must be comma-separated.  The supported
             ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'',
             ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
             ``aes256-ctr'', ``arcfour128'', ``arcfour256'',
             ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''.  The
             default is:

                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
                arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
                aes192-ctr,aes256-ctr

The comment in the upstream advisory is essentially just reordering the
CTR ones to the front and dropping some of them (3des-cbc, blowfish-cbc,
cast128-cbc, arcfour128, aes192-cbc, aes192-ctr). I don't pretend to
know which of these are most widely-supported, but it seems clear to me
that one could improve safety with a relatively small chance of losing a
cipher you actually needed with:

  Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc

(for example).

If the server didn't support any of those, then I imagine you'd just get
a complete failure.

> How would one go about asking the ssh-server something like:
> 
>   What ciphers are you capable of?
> 
> from a batch job?

Sorry, I don't know of a way to do that, although you could probably get
it from 'ssh -vvv' output.

I'm not going to spend much time on this given that upstream doesn't
think it's serious. I tend to agree having read their analysis, too: if
it takes you several tens of thousands of attempts to connect
successfully, then you should probably consider whether somebody is
mucking about with your connection rather than continuing to type in
your password ...

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Thu, 21 May 2009 14:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Thu, 21 May 2009 14:12:03 GMT) Full text and rfc822 format available.

Message #39 received at 506115@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 506115@bugs.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Thu, 21 May 2009 16:09:07 +0200
On Fri, Nov 21, 2008 at 06:44:53PM +0000, Colin Watson wrote:
> On Fri, Nov 21, 2008 at 05:29:33PM +0100, Cristian Ionescu-Idbohrn wrote:
> > On Fri, 21 Nov 2008, Colin Watson wrote:
> > > Accordingly, I'm downgrading this bug; I'd rather not rush out a
> > > configuration change (which could well break interoperability with
> > > unusual servers; it wouldn't be the first time) when upstream doesn't
> > > feel it's urgent enough to do so themselves.
> > 
> > Right.  But what exactly are the pits one could fall into, should one
> > follow the advice?
> > 
> >    Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
> 
> I'm not going to spend much time on this given that upstream doesn't
> think it's serious. I tend to agree having read their analysis, too: if
> it takes you several tens of thousands of attempts to connect
> successfully, then you should probably consider whether somebody is
> mucking about with your connection rather than continuing to type in
> your password ...

The mitigation patches added in OpenSSH added in 5.2 are too riskey
to interoperability regressions IMO.

However, we could apply the previous mitigation patch in a stable point
update:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.157;r2=1.158;f=h

Colin, what do you think?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 30 Jun 2009 22:06:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 30 Jun 2009 22:06:02 GMT) Full text and rfc822 format available.

Message #44 received at 506115@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: 506115@bugs.debian.org
Cc: Colin Watson <cjwatson@debian.org>
Subject: Re: openssh: Plaintext Recovery Attack Against SSH
Date: Wed, 01 Jul 2009 00:09:24 +0200
Hi Colin

Can you please send an update to this bug and tell me whether you think
it warrants an update to proposed-updates (to include it in the next
point release), TIA?

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Fri, 01 Jan 2010 23:06:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 01 Jan 2010 23:06:06 GMT) Full text and rfc822 format available.

Message #49 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Luk Claes <luk@debian.org>, 506115@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Fri, 1 Jan 2010 23:01:31 +0000
On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
> Can you please send an update to this bug and tell me whether you think
> it warrants an update to proposed-updates (to include it in the next
> point release), TIA?

I think the patch Moritz linked to earlier is fine for proposed-updates,
and probably worth it; I backported it in openssh 1:5.1p1-5 as well.

(My apologies for not replying earlier. I somehow missed this ...)

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Fri, 01 Jan 2010 23:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 01 Jan 2010 23:33:03 GMT) Full text and rfc822 format available.

Message #54 received at 506115@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: 506115@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Sat, 02 Jan 2010 00:30:50 +0100
Colin Watson wrote:
> On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
>> Can you please send an update to this bug and tell me whether you think
>> it warrants an update to proposed-updates (to include it in the next
>> point release), TIA?
> 
> I think the patch Moritz linked to earlier is fine for proposed-updates,
> and probably worth it; I backported it in openssh 1:5.1p1-5 as well.
> 
> (My apologies for not replying earlier. I somehow missed this ...)

Ok, please upload.

Cheers

Luk




Added tag(s) pending. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Sat, 02 Jan 2010 00:51:12 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Mon, 04 Jan 2010 15:48:38 GMT) Full text and rfc822 format available.

Notification sent to Hideki Yamane <henrich@debian.or.jp>:
Bug acknowledged by developer. (Mon, 04 Jan 2010 15:48:38 GMT) Full text and rfc822 format available.

Message #61 received at 506115-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 506115-close@bugs.debian.org
Subject: Bug#506115: fixed in openssh 1:5.2p1-1
Date: Mon, 04 Jan 2010 15:44:23 +0000
Source: openssh
Source-Version: 1:5.2p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.2p1-1_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.2p1-1_i386.udeb
openssh-client_5.2p1-1_i386.deb
  to main/o/openssh/openssh-client_5.2p1-1_i386.deb
openssh-server-udeb_5.2p1-1_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.2p1-1_i386.udeb
openssh-server_5.2p1-1_i386.deb
  to main/o/openssh/openssh-server_5.2p1-1_i386.deb
openssh_5.2p1-1.diff.gz
  to main/o/openssh/openssh_5.2p1-1.diff.gz
openssh_5.2p1-1.dsc
  to main/o/openssh/openssh_5.2p1-1.dsc
openssh_5.2p1.orig.tar.gz
  to main/o/openssh/openssh_5.2p1.orig.tar.gz
ssh-askpass-gnome_5.2p1-1_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.2p1-1_i386.deb
ssh-krb5_5.2p1-1_all.deb
  to main/o/openssh/ssh-krb5_5.2p1-1_all.deb
ssh_5.2p1-1_all.deb
  to main/o/openssh/ssh_5.2p1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 506115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 04 Jan 2010 13:23:35 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:5.2p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 154434 415008 420682 496017 498684 505378 506115 507541 512198 513417 514313 524423 530692 536182 540623 555951 556644 561887
Changes: 
 openssh (1:5.2p1-1) unstable; urgency=low
 .
   * New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
     for a while, but there's no GSSAPI patch available for it yet.
     - Change the default cipher order to prefer the AES CTR modes and the
       revised "arcfour256" mode to CBC mode ciphers that are susceptible to
       CPNI-957037 "Plaintext Recovery Attack Against SSH".
     - Add countermeasures to mitigate CPNI-957037-style attacks against the
       SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid
       packet length or Message Authentication Code, ssh/sshd will continue
       reading up to the maximum supported packet length rather than
       immediately terminating the connection. This eliminates most of the
       known differences in behaviour that leaked information about the
       plaintext of injected data which formed the basis of this attack
       (closes: #506115, LP: #379329).
     - ForceCommand directive now accepts commandline arguments for the
       internal-sftp server (closes: #524423, LP: #362511).
     - Add AllowAgentForwarding to available Match keywords list (closes:
       #540623).
     - Make ssh(1) send the correct channel number for
       SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
       avoid triggering 'Non-public channel' error messages on sshd(8) in
       openssh-5.1.
     - Avoid printing 'Non-public channel' warnings in sshd(8), since the
       ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a
       behaviour introduced in openssh-5.1; closes: #496017).
     - Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
       connections (closes: #507541).
     - Fix "whitepsace" typo in ssh_config(5) (closes: #514313, LP: #303835).
   * Update to GSSAPI patch from
     http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch,
     including cascading credentials support (LP: #416958).
   * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
   * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
   * Add debian/README.source with instructions on bzr handling.
   * Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
     #556644).
   * Initialise sc to NULL in ssh_selinux_getctxbyname (thanks, Václav Ovsík;
     closes: #498684).
   * Don't duplicate backslashes when displaying server banner (thanks,
     Michał Górny; closes: #505378, LP: #425346).
   * Use hardening-includes for hardening logic (thanks, Kees Cook; closes:
     #561887).
   * Update OpenSSH FAQ to revision 1.110.
   * Remove ssh/new_config, only needed for direct upgrades from potato which
     are no longer particularly feasible anyway (closes: #420682).
   * Cope with insserv reordering of init script links.
   * Remove init script stop link in rc1, as killprocs handles it already.
   * Adjust short descriptions to avoid relying on previous experience with
     rsh, based on suggestions from Reuben Thomas (closes: #512198).
   * Remove manual page references to login.conf, which aren't applicable on
     non-BSD systems (closes: #154434).
   * Remove/adjust manual page references to BSD-specific /etc/rc (closes:
     #513417).
   * Refer to sshd_config(5) rather than sshd(8) in postinst-written
     /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped
     configuration file (closes: #415008, although unfortunately this will
     only be conveniently visible on new installations).
   * Include URL to OpenBSD's ssl(8) in ssh(1), since I don't see a better
     source for the same information among Debian's manual pages (closes:
     #530692, LP: #456660).
Checksums-Sha1: 
 dcfd8d5b9f2f28a0c7c5bfbc773cb3d6bbb6e314 1645 openssh_5.2p1-1.dsc
 8273a0237db98179fbdc412207ff8eb14ff3d6de 1016612 openssh_5.2p1.orig.tar.gz
 48c8d2b45c6b55004697ac2d3424b36820914457 231152 openssh_5.2p1-1.diff.gz
 643bf9c4800636ddf25f6dddd1c0cfa4855cbf99 1206 ssh_5.2p1-1_all.deb
 1c2874277d4b2e553c2462604094bc852c18d0a8 72730 ssh-krb5_5.2p1-1_all.deb
 7866ae1fd2763e7b5eb437c39ec4123e2f2daef3 747462 openssh-client_5.2p1-1_i386.deb
 5ea79b9ca3050439a0751c68b90bea1aa928583e 278672 openssh-server_5.2p1-1_i386.deb
 e2e74e87b6243ecdf387d97686539cbed2477f76 80262 ssh-askpass-gnome_5.2p1-1_i386.deb
 99f40e535037814aa7332437666f0ab23686e638 175744 openssh-client-udeb_5.2p1-1_i386.udeb
 cbafe9341bfb14d561941d001936c02adbf76598 197886 openssh-server-udeb_5.2p1-1_i386.udeb
Checksums-Sha256: 
 d7b3aed3402ac67385faf91fe19ad04faaa9902fd5863dcc46c30f4372dabf14 1645 openssh_5.2p1-1.dsc
 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae 1016612 openssh_5.2p1.orig.tar.gz
 88878592bc4ed2f2cabc183a9efb2475704f0d7a2bb966c7828229efdf8f6683 231152 openssh_5.2p1-1.diff.gz
 1f303238ddb46e4c94c26984dba47f1932770278896cfd54cd10dcd7401abf2f 1206 ssh_5.2p1-1_all.deb
 16986d0b24d8211a0303de21627351a509ceab186b0857131462b5ed5f0cd378 72730 ssh-krb5_5.2p1-1_all.deb
 b9842297f615f85dd7c2ef01f7eed2ca9f1b374b1972f3d3d152162b92c7e4e3 747462 openssh-client_5.2p1-1_i386.deb
 f8f7e7a29cd05fe6787c2976e48b2e389b7ee12dd9b2d81b3a5170c35664ea4e 278672 openssh-server_5.2p1-1_i386.deb
 cb4f258674ea4a408a9cc33789aa90ce804227e76615efed3c1aeebb2837ec64 80262 ssh-askpass-gnome_5.2p1-1_i386.deb
 46f4acd8ba5b4fb58601e2cc357b4f4a561f07f50be9424f666427a0e186ceb4 175744 openssh-client-udeb_5.2p1-1_i386.udeb
 02ec1defbc6ef4f5068c9c19eb735220837ab79838a6465b0d8550403c20075c 197886 openssh-server-udeb_5.2p1-1_i386.udeb
Files: 
 bdf4750700a34040c354a58fb3928f87 1645 net standard openssh_5.2p1-1.dsc
 ada79c7328a8551bdf55c95e631e7dad 1016612 net standard openssh_5.2p1.orig.tar.gz
 8b71afc010637d3145bbb60f92d5b471 231152 net standard openssh_5.2p1-1.diff.gz
 c9352daad4b15ca1c5fb46cdaa30eb79 1206 net extra ssh_5.2p1-1_all.deb
 d07b23f2478946bc53b906338dd6d7a5 72730 net extra ssh-krb5_5.2p1-1_all.deb
 0c6bc933f6956693cc88bac78f1b471d 747462 net standard openssh-client_5.2p1-1_i386.deb
 ca68b2ce567a74d8821ab7674e4ed248 278672 net optional openssh-server_5.2p1-1_i386.deb
 dd3e7d6c11ae89f950afdf97453a96a7 80262 gnome optional ssh-askpass-gnome_5.2p1-1_i386.deb
 6645f49bdcb0a5d71a74a69dca72393f 175744 debian-installer optional openssh-client-udeb_5.2p1-1_i386.udeb
 334c4f56384deabe748e545d5c244e78 197886 debian-installer optional openssh-server-udeb_5.2p1-1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFLQe3i9t0zAhD6TNERAqowAJ4uwSXTnpo0RZx0YNFNqhGU6myhGgCeNodS
2eYKn0f2TMRt6piaVN2o8Cs=
=WfwE
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 05 Jan 2010 12:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 05 Jan 2010 12:27:03 GMT) Full text and rfc822 format available.

Message #66 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Luk Claes <luk@debian.org>, 506115@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 5 Jan 2010 12:23:15 +0000
On Sat, Jan 02, 2010 at 12:30:50AM +0100, Luk Claes wrote:
> Colin Watson wrote:
> > On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
> >> Can you please send an update to this bug and tell me whether you think
> >> it warrants an update to proposed-updates (to include it in the next
> >> point release), TIA?
> > 
> > I think the patch Moritz linked to earlier is fine for proposed-updates,
> > and probably worth it; I backported it in openssh 1:5.1p1-5 as well.
> > 
> > (My apologies for not replying earlier. I somehow missed this ...)
> 
> Ok, please upload.

*looks*

Err, hang on. As I said, I backported it in openssh 1:5.1p1-5, which is
the version in stable. That means there's nothing to do, right?

  http://bzr.debian.org/loggerhead/pkg-ssh/openssh/trunk/revision/3292

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 05 Jan 2010 18:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 05 Jan 2010 18:30:03 GMT) Full text and rfc822 format available.

Message #71 received at 506115@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: 506115@bugs.debian.org, Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 05 Jan 2010 19:29:09 +0100
Colin Watson wrote:
> On Sat, Jan 02, 2010 at 12:30:50AM +0100, Luk Claes wrote:
>> Colin Watson wrote:
>>> On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
>>>> Can you please send an update to this bug and tell me whether you think
>>>> it warrants an update to proposed-updates (to include it in the next
>>>> point release), TIA?
>>> I think the patch Moritz linked to earlier is fine for proposed-updates,
>>> and probably worth it; I backported it in openssh 1:5.1p1-5 as well.
>>>
>>> (My apologies for not replying earlier. I somehow missed this ...)
>> Ok, please upload.
> 
> *looks*
> 
> Err, hang on. As I said, I backported it in openssh 1:5.1p1-5, which is
> the version in stable. That means there's nothing to do, right?
> 
>   http://bzr.debian.org/loggerhead/pkg-ssh/openssh/trunk/revision/3292

Ah, even better. I guess the bug can be closed in that case?

Cheers

Luk




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 05 Jan 2010 22:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 05 Jan 2010 22:33:03 GMT) Full text and rfc822 format available.

Message #76 received at 506115@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Colin Watson <cjwatson@debian.org>
Cc: Luk Claes <luk@debian.org>, 506115@bugs.debian.org
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 5 Jan 2010 23:27:08 +0100
Colin Watson wrote:
> On Sat, Jan 02, 2010 at 12:30:50AM +0100, Luk Claes wrote:
> > Colin Watson wrote:
> > > On Wed, Jul 01, 2009 at 12:09:24AM +0200, Luk Claes wrote:
> > >> Can you please send an update to this bug and tell me whether you think
> > >> it warrants an update to proposed-updates (to include it in the next
> > >> point release), TIA?
> > > 
> > > I think the patch Moritz linked to earlier is fine for proposed-updates,
> > > and probably worth it; I backported it in openssh 1:5.1p1-5 as well.
> > > 
> > > (My apologies for not replying earlier. I somehow missed this ...)
> > 
> > Ok, please upload.
> 
> *looks*
> 
> Err, hang on. As I said, I backported it in openssh 1:5.1p1-5, which is
> the version in stable. That means there's nothing to do, right?
> 
>   http://bzr.debian.org/loggerhead/pkg-ssh/openssh/trunk/revision/3292

Doh, you're right. I missed that this was fixed during the freeze. Adding
this to Etch isn't worth the effort, since support for Etch ends in month
anyway.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#506115; Package openssh. (Tue, 05 Jan 2010 23:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 05 Jan 2010 23:21:03 GMT) Full text and rfc822 format available.

Message #81 received at 506115@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Luk Claes <luk@debian.org>, 506115@bugs.debian.org
Subject: Re: Bug#506115: openssh: Plaintext Recovery Attack Against SSH
Date: Tue, 5 Jan 2010 23:18:43 +0000
Source: openssh
Source-Version: 1:5.1p1-5

On Tue, Jan 05, 2010 at 11:27:08PM +0100, Moritz Muehlenhoff wrote:
> Colin Watson wrote:
> > Err, hang on. As I said, I backported it in openssh 1:5.1p1-5, which is
> > the version in stable. That means there's nothing to do, right?
> > 
> >   http://bzr.debian.org/loggerhead/pkg-ssh/openssh/trunk/revision/3292
> 
> Doh, you're right. I missed that this was fixed during the freeze. Adding
> this to Etch isn't worth the effort, since support for Etch ends in month
> anyway.

Righto - closing this for the version in lenny as well, then.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 12 Feb 2010 07:29:34 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:40:31 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.