Bug 17809 - libssh needs to be updated for CVE-2016-0739
Summary: libssh needs to be updated for CVE-2016-0739
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/676929/
Whiteboard: has_procedure advisory MGA5-64-OK MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-02-23 14:47 CET by Pascal Terjan
Modified: 2016-02-24 18:07 CET (History)
3 users (show)

See Also:
Source RPM: libssh
CVE:
Status comment:


Attachments

Description Pascal Terjan 2016-02-23 14:47:23 CET
libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods.
The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There are practical algorithms (Baby steps/Giant steps, Pollardâs rho) that can solve this problem in O(2^63) operations.

Both client and server are are vulnerable, pre-authentication. This vulnerability could be exploited by an eavesdropper with enough resources to decrypt or intercept SSH sessions. The bug was found during an internal code review by Aris Adamantiadis of the libssh team.

Packages were uploaded in cauldron and in 5/core/updates_testing
Comment 1 Samuel Verschelde 2016-02-23 14:50:58 CET
Assigning to packagers collectively since ssh does not have a registered maintainer.

Assignee: bugsquad => pkg-bugs

Comment 2 Pascal Terjan 2016-02-23 14:52:50 CET
Note the last line, I created the update candidate already :)
Comment 3 Samuel Verschelde 2016-02-23 15:12:31 CET
Oops, assigning to you then, as you should have, until you decide it's ready for QA!

Assignee: pkg-bugs => pterjan

Comment 4 David Walser 2016-02-23 15:31:18 CET
Testing procedure (please note that openssh does *not* use this):
https://bugs.mageia.org/show_bug.cgi?id=8880#c2

Advisory:
========================

Updated libssh packages fix security vulnerability:

libssh versions 0.1 and above have a bits/bytes confusion bug and generate an
abnormally short ephemeral secret for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits
long, instead of the recommended sizes of 1024 and 2048 bits respectively.
Both client and server are are vulnerable, pre-authentication. This
vulnerability could be exploited by an eavesdropper with enough resources to
decrypt or intercept SSH sessions (CVE-2016-0739).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
========================

Updated packages in core/updates_testing:
========================
libssh4-0.6.5-1.mga5
libssh-devel-0.6.5-1.mga5

from libssh-0.6.5-1.mga5.src.rpm

Assignee: pterjan => qa-bugs
Whiteboard: (none) => has_procedure

Comment 5 David Walser 2016-02-23 15:32:07 CET
kio_sftp also uses this (sftp:/ protocol in Konqueror).

kio_sftp is really neat.  Very straightforward to use:
http://blog.cynapses.org/2009/07/24/kio_sftp-in-action/

CC: (none) => luigiwalser

Comment 6 Pascal Terjan 2016-02-23 16:31:14 CET
I forgot to change the release...
Comment 7 David Walser 2016-02-23 16:42:47 CET
(In reply to Pascal Terjan from comment #6)
> I forgot to change the release...

You mean you forgot to add a subrel.  Please add it on the line directly above the %mkrel line.  Thanks.
Comment 8 David Walser 2016-02-23 16:43:37 CET
Oh you already did.

Updated packages in core/updates_testing:
========================
libssh4-0.6.5-1.1.mga5
libssh-devel-0.6.5-1.1.mga5

from libssh-0.6.5-1.1.mga5.src.rpm
Comment 9 Len Lawrence 2016-02-24 09:25:09 CET
mga5  x86_64  4.1.15-desktop-2.mga5  Mate

Before update.  Needed to install hydra,
"a very fast network logon cracker which support many different services"

$ sudo urpmi hydra
(medium "Core Release (distrib1)")
  hydra                          8.1          1.mga5        x86_64  
  lib64fbclient2                 2.5.3.26778  4.mga5        x86_64  
  lib64ncpfs2.3                  2.2.6        18.mga5       x86_64  

Used test procedure referenced in comment #4.

$ hydra -l testuser -p testpass ssh://localhost
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-02-24 08:09:15
[DATA] max 1 task per 1 server, overall 64 tasks, 1 login try (l:1/p:1), ~0 tries per task
[DATA] attacking service ssh on port 22
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-02-24 08:09:18


Updated to lib64ssh4-0.6.5-1.1.mga5
and
# urpmi --search-media "Updates Testing" lib64ssh-devel
(medium "Core Release (distrib1)")
  lib64gpg-error-devel           1.13         3.mga5        x86_64  
(medium "Core Updates (distrib3)")
  lib64gcrypt-devel              1.5.4        5.2.mga5      x86_64  
(medium "Core Updates Testing (distrib5)")
  lib64ssh-devel                 0.6.5        1.1.mga5      x86_64  

$ hydra -l testuser -p testpass ssh://localhost
[DATA] max 1 task per 1 server, overall 64 tasks, 1 login try (l:1/p:1), ~0 tries per task
[DATA] attacking service ssh on port 22
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-02-24 08:19:53

CC: (none) => tarazed25

Len Lawrence 2016-02-24 09:25:32 CET

Whiteboard: has_procedure => has_procedure MGA5-64-OK

Comment 10 Len Lawrence 2016-02-24 10:41:26 CET
mga5  i586 in virtualbox  4.4.1-desktop-2.mga5  Mate

Installed hydra for the pre and post update testing of this candidate.
Used this command:
$ hydra -l testuser -p testpass ssh://localhost

to produce the same kind of output as in the 64-bit case, cf comment #9.

lib(64)ssh4 can be validated and pushed to Mageia 5 updates.
Len Lawrence 2016-02-24 10:42:11 CET

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs

Comment 11 David Walser 2016-02-24 16:02:43 CET
Adding upstream advisory to references.

Also, Ubuntu has issued an advisory for this on February 23:
http://www.ubuntu.com/usn/usn-2912-1

Advisory:
========================

Updated libssh packages fix security vulnerability:

libssh versions 0.1 and above have a bits/bytes confusion bug and generate an
abnormally short ephemeral secret for the diffie-hellman-group1 and
diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits
long, instead of the recommended sizes of 1024 and 2048 bits respectively.
Both client and server are are vulnerable, pre-authentication. This
vulnerability could be exploited by an eavesdropper with enough resources to
decrypt or intercept SSH sessions (CVE-2016-0739).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/
https://www.libssh.org/security/advisories/CVE-2016-0739.txt

URL: https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/ => http://lwn.net/Vulnerabilities/676929/
Severity: normal => major

Comment 12 claire robinson 2016-02-24 17:59:11 CET
Advisory uploaded.

Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK

Comment 13 Mageia Robot 2016-02-24 18:07:09 CET
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0082.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.