Bug 11622

Summary: openssh possible memory corruption vulnerability (CVE-2013-4548)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: oe, sysadmin-bugs
Version: 3   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/573333/
Whiteboard: MGA2TOO
Source RPM: openssh-6.1p1-4.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-11-08 16:38:23 CET 
Upstream has issued an advisory on November 7:
http://www.openssh.com/txt/gcmrekey.adv

The following command suggests to me that the AES-GCM is enabled in our openssl, which would make this advisory affect us:

$ openssl list-cipher-algorithms | grep GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM

Oden has applied the upstream patch in openssh-6.2p2-3.mga4:
http://svnweb.mageia.org/packages?view=revision&revision=549918

It appears that we should issue an update for Mageia 2 and Mageia 3 as well.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-11-08 17:02:32 CET 
Patched packages uploaded for Mageia 2 and Mageia 3.

Advisory:
========================

Updated openssh packages fix security vulnerability:

A memory corruption vulnerability exists in the post-authentication sshd
process when an AES-GCM cipher is selected during kex exchange. If exploited,
this vulnerability might permit code execution with the privileges of the
authenticated user and may therefore allow bypassing restricted shell/command
configurations.

References:
http://www.openssh.com/txt/gcmrekey.adv
========================

Updated packages in core/updates_testing:
========================
openssh-5.9p1-5.2.mga2
openssh-clients-5.9p1-5.2.mga2
openssh-server-5.9p1-5.2.mga2
openssh-askpass-common-5.9p1-5.2.mga2
openssh-askpass-5.9p1-5.2.mga2
openssh-askpass-gnome-5.9p1-5.2.mga2
openssh-6.1p1-4.1.mga3
openssh-clients-6.1p1-4.1.mga3
openssh-server-6.1p1-4.1.mga3
openssh-askpass-common-6.1p1-4.1.mga3
openssh-askpass-6.1p1-4.1.mga3
openssh-askpass-gnome-6.1p1-4.1.mga3
openssh-ldap-6.1p1-4.1.mga3

from SRPMS:
openssh-5.9p1-5.2.mga2.src.rpm
openssh-6.1p1-4.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA2TOO

Comment 2 David Walser 2013-11-08 17:04:59 CET 
CVE-2013-4548 has been allocated for this issue:
http://openwall.com/lists/oss-security/2013/11/08/3

Hopefully there isn't another CVE for it as well, given the message.

Updating the advisory.

Advisory:
========================

Updated openssh packages fix security vulnerability:

A memory corruption vulnerability exists in the post-authentication sshd
process when an AES-GCM cipher is selected during kex exchange. If exploited,
this vulnerability might permit code execution with the privileges of the
authenticated user and may therefore allow bypassing restricted shell/command
configurations (CVE-2013-4548).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
http://www.openssh.com/txt/gcmrekey.adv
========================

Updated packages in core/updates_testing:
========================
openssh-5.9p1-5.2.mga2
openssh-clients-5.9p1-5.2.mga2
openssh-server-5.9p1-5.2.mga2
openssh-askpass-common-5.9p1-5.2.mga2
openssh-askpass-5.9p1-5.2.mga2
openssh-askpass-gnome-5.9p1-5.2.mga2
openssh-6.1p1-4.1.mga3
openssh-clients-6.1p1-4.1.mga3
openssh-server-6.1p1-4.1.mga3
openssh-askpass-common-6.1p1-4.1.mga3
openssh-askpass-6.1p1-4.1.mga3
openssh-askpass-gnome-6.1p1-4.1.mga3
openssh-ldap-6.1p1-4.1.mga3

from SRPMS:
openssh-5.9p1-5.2.mga2.src.rpm
openssh-6.1p1-4.1.mga3.src.rpm
David Walser 2013-11-08 17:05:12 CET

Summary: openssh possible memory corruption vulnerability => openssh possible memory corruption vulnerability (CVE-2013-4548)

Comment 3 Oden Eriksson 2013-11-08 17:27:25 CET 
======================================================
Name: CVE-2013-4548
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130612
Category: 
Reference: MLIST:[oss-security] 20131107 Re: CVE Request - OpenSSH
Reference: URL:http://openwall.com/lists/oss-security/2013/11/08/3
Reference: CONFIRM:http://www.openssh.com/txt/gcmrekey.adv

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH
6.2 and 6.3, when an AES-GCM cipher is used, does not properly
initialize memory for a MAC context data structure, which allows
remote authenticated users to bypass intended ForceCommand and
login-shell restrictions via packet data that provides a crafted
callback address.

CC: (none) => oe

Comment 4 David Walser 2013-11-08 18:35:25 CET 
Ubuntu has issued an advisory for this today (November 8):
http://www.ubuntu.com/usn/usn-2014-1/

They classified this as a high severity issue.

However, they also say this:
mdeslaur> only affects openssh 6.2+ as that is when AES-GCM support was
mdeslaur> introduced

Which would mean we don't have to issue an update.  Closing as INVALID.

Note that this was a real issue in Cauldron, and is FIXED there.

CC'ing sysadmins as the openssh updates in updates_testing should be removed.

Status: NEW => RESOLVED
URL: (none) => http://lwn.net/Vulnerabilities/573333/
CC: (none) => sysadmin-bugs
Resolution: (none) => INVALID