[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:06.openssh

    From FreeBSD Security Advisories@21:1/5 to All on Thu Aug 10 08:00:00 2017

    =============================================================================
    FreeBSD-SA-17:06.openssh                                    Security Advisory
                                                              The FreeBSD Project

    Topic: OpenSSH Denial of Service vulnerability

    Category: contrib
    Module: OpenSSH
    Announced: 2017-08-10
    Affects: All supported versions of FreeBSD.
    Corrected: 2017-08-10 06:36:37 UTC (stable/11, 11.1-STABLE)
    2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
    2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)
    2017-08-10 06:36:37 UTC (stable/10, 10.3-STABLE)
    2017-08-10 06:59:43 UTC (releng/10.3, 10.3-RELEASE-p21)
    CVE Name: CVE-2016-6515

    For general information regarding FreeBSD Security Advisories,
    including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

    I. Background

    OpenSSH is an implementation of the SSH protocol suite, providing an
    encrypted and authenticated transport for a variety of services,
    including remote shell access.

    OpenSSH supports a built-in password authentication method, which is
    enabled with the PasswordAuthentication option in sshd_config(5). This
    option is disabled by default on FreeBSD.

    II. Problem Description

    sshd does not limit the length of the password a client may submit
    during password authentication. An arbitrarily long string is passed
    through to the system's password hashing routine, crypt(3), which is
    expensive for very long inputs. The upstream fix (OpenSSH 7.3) rejects
    password authentication requests longer than 1024 characters.

    III. Impact

    A remote attacker may be able to cause an affected SSH server to use an
    excessive amount of CPU by sending very long passwords, when
    PasswordAuthentication has been enabled by the system administrator. No
    valid credentials are required: the work is done while the server
    checks the supplied password.

    IV. Workaround

    Set "PasswordAuthentication no" in /etc/ssh/sshd_config (or leave the
    option unset: the default FreeBSD configuration already disables it)
    and restart sshd, for example with "service sshd restart".
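    The following script is an added example, not part of the advisory, that
    reports the PasswordAuthentication value sshd will actually apply for a
    given sshd_config. It exists because the workaround is easy to get wrong
    in two ways: sshd honours the first occurrence of a keyword and silently
    ignores later duplicates, and a keyword inside a Match block applies only
    to matching connections, so a global "no" can still be re-enabled for some
    users. The two sample configs are constructed for this example; the
    function names are my own.

```shell
#!/bin/sh
# Added example (not part of the advisory or of OpenSSH): check the effective
# PasswordAuthentication setting in an sshd_config.
#   1. the first occurrence of a keyword wins; later duplicates are ignored;
#   2. a keyword inside a "Match" block applies only to matching connections.
# On FreeBSD the compiled-in default, used when the keyword is absent or
# commented out, is "no".

# $1: path to an sshd_config. Prints the global effective value: yes or no.
effective_password_auth() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }      # drop comments, allow key=value
        tolower($1) == "match" { exit }         # global section ends here
        !found && tolower($1) == "passwordauthentication" {
            found = 1; print tolower($2)        # first occurrence wins
        }
        END { if (!found) print "no" }          # FreeBSD default
    ' "$1"
}

# $1: path to an sshd_config. Prints "line N: value" for every
# PasswordAuthentication setting that sits inside a Match block.
password_auth_in_match() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { inmatch = 1 }
        inmatch && tolower($1) == "passwordauthentication" {
            printf "line %d: %s\n", NR, tolower($2)
        }
    ' "$1"
}

# Constructed sample configs (not real FreeBSD files), removed on exit.
tmp=$(mktemp -d "${TMPDIR:-/tmp}/sshdchk.XXXXXX")
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/weak" <<'EOF'
# Administrator turned password logins on; the later "no" is ignored.
PasswordAuthentication yes
PasswordAuthentication no
EOF

cat > "$tmp/hardened" <<'EOF'
# FreeBSD default: keyword commented out, so the default "no" applies...
#PasswordAuthentication no
PermitRootLogin no
# ...except for one account, which re-exposes the password path.
Match User backup
    PasswordAuthentication yes
EOF

printf 'weak:     %s\n' "$(effective_password_auth "$tmp/weak")"      # yes
printf 'hardened: %s\n' "$(effective_password_auth "$tmp/hardened")"  # no
password_auth_in_match "$tmp/hardened"                                # line 6: yes
```

    On a live FreeBSD host the authoritative check is "sshd -T", which prints
    the effective configuration after parsing, and "sshd -T -C user=...,host=...,addr=..."
    evaluates the Match blocks for a specific connection; the script above is
    for reviewing a config file off-box.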

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or
    release / security branch (releng) dated after the correction date.

    Restart the SSH service.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64
    platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

    Restart the SSH service.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable
    FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the
    detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch
    # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch.asc
    # gpg --verify openssh.patch.asc

    b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

    c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

    Restart the SSH daemon, or reboot the system.
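    After updating, the installed userland version should be at or above the
    patch level listed in the "Corrected" field. The following script is an
    added example, not part of the advisory, that classifies a version string
    as printed by freebsd-version(1) against those patch levels (11.1-RELEASE-p1,
    11.0-RELEASE-p12, 10.3-RELEASE-p21). The function names and the status
    words are my own; a -STABLE build cannot be judged from its version string,
    so it is reported as unknown.

```shell
#!/bin/sh
# Added example (not part of the advisory): decide from a freebsd-version
# string whether the installed userland carries the SA-17:06 fix.

# Lowest patched level per release branch, from the advisory's Corrected field.
patched_level() {
    case "$1" in
        11.1) echo 1 ;;
        11.0) echo 12 ;;
        10.3) echo 21 ;;
        *) return 1 ;;                    # not a release branch this advisory covers
    esac
}

# $1: a version string such as 11.1-RELEASE-p1 (what `freebsd-version -u` prints).
# Prints one of: patched, vulnerable, unsupported, unknown.
sa1706_status() {
    ver=$1
    case "$ver" in
        *-RELEASE|*-RELEASE-p*) ;;
        *) echo unknown; return 0 ;;      # -STABLE, -CURRENT, -BETA, -RC ...
    esac
    rel=${ver%%-RELEASE*}                 # 11.1-RELEASE-p1 -> 11.1
    case "$ver" in
        *-p*) lvl=${ver##*-p} ;;          # 11.1-RELEASE-p1 -> 1
        *)    lvl=0 ;;                    # bare -RELEASE is patch level 0
    esac
    case "$lvl" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    need=$(patched_level "$rel") || { echo unsupported; return 0; }
    if [ "$lvl" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# On a FreeBSD 10.0+ host:  sa1706_status "$(freebsd-version -u)"
# Constructed inputs for illustration:
for v in 11.1-RELEASE-p1 11.1-RELEASE 11.0-RELEASE-p11 10.3-RELEASE-p21 11.1-STABLE; do
    printf '%-18s %s\n' "$v" "$(sa1706_status "$v")"
done
```

    Use "freebsd-version -u" (installed userland) rather than "uname -r" for
    this check: the fix is to the sshd binary, and "uname -r" reports the
    running kernel, which keeps its old patch level after a userland-only
    freebsd-update.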

    VI. Correction details

    The following list contains the correction revision numbers for each
    affected branch.

    Branch/path                                                         Revision
    -------------------------------------------------------------------------
    stable/10/                                                           r322341
    releng/10.3/                                                         r322344
    stable/11/                                                           r322341
    releng/11.0/                                                         r322343
    releng/11.1/                                                         r322342
    -------------------------------------------------------------------------

    To see which files were modified by a particular revision, run the
    following command, replacing NNNNNN with the revision number, on a
    machine with Subversion installed:

    # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

    VII. References

    <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515>

    The latest revision of this advisory is available at
    <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc>
    _______________________________________________
    freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce