Pre-zero the MAC context.

Security: CVE-2013-4548 Security: FreeBSD-SA-13:14.openssh Approved by: so
svn path=/head/; revision=43207
2013-11-19 10:20:35 +00:00 · 2013-11-19 10:20:35 +00:00 · f57acf6c24 · 2020-12-08 03:00:23 +00:00
commit f57acf6c24
parent 2a4edf0513
4 changed files with 181 additions and 0 deletions
--- a/share/security/advisories/FreeBSD-SA-13:14.openssh.asc
+++ b/share/security/advisories/FreeBSD-SA-13:14.openssh.asc
@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:14.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSH AES-GCM memory corruption vulnerability
+
+Category:       contrib
+Module:         openssh
+Announced:      2013-11-19
+Affects:        FreeBSD 10.0-BETA
+Corrected:      2013-11-19 09:35:20 UTC (stable/10, 10.0-STABLE)
+                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA3-p1)
+                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA2-p1)
+                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA1-p2)
+CVE Name:       CVE-2013-4548
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted and authenticated transport for a variety of services,
+including remote shell access.
+
+AES-GCM (Galois/Counter Mode) is a mode of operation for AES block
+cipher that combines the counter mode of encryption with the Galois
+mode of authentication which can offer throughput rates for state of
+the art, high speed communication channels.
+
+OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
+
+II.  Problem Description
+
+A memory corruption vulnerability exists in the post-authentication sshd
+process when an AES-GCM cipher (aes128-gcm@openssh.com or
+aes256-gcm@openssh.com) is selected during key exchange.
+
+III. Impact
+
+If exploited, this vulnerability might permit code execution with the
+privileges of the authenticated user, thereby allowing a malicious
+user with valid credentials to bypass shell or command restrictions
+placed on their account.
+
+IV.  Workaround
+
+Disable AES-GCM in the server configuration. This can be accomplished by
+adding the following /etc/sshd_config option, which will disable AES-GCM
+while leaving other ciphers active:
+
+Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
+
+Systems not running the OpenSSH server daemon (sshd) are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch.asc
+# gpg --verify openssh.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the sshd daemon, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r258335
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:14.openssh.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.15 (FreeBSD)
+
+iQIcBAEBAgAGBQJSizUhAAoJEO1n7NZdz2rn6VcQALriII/5f2ipZQeOt41p5oBi
+r3qQ3uoZc705MGhld/Zz/RjmB8N+NSZUCZQP0sjaEUkksykZNQhmlbvJXB0ywDHP
+ggIpq++7r2igXMwqqj+7SEtOkQc/rP8/pDjAn0CJKDGIItgpYuqB34sEJNNuYjiM
+f/bdfXN3zU4VOiIjCjfGuOamGPXCyRdEAm9HKMVWuDqXIjBHdOxhkw2TnyrC77Vd
+IxOEYsD97XYuJF++55uHBMv+jynrlQfJF9s3+rQVGOqs14KXYJ+HeqFwxJkhIzyg
+BrxotPNcO6i5lFOiZrCcmEkf3SRh3Ok3CFFFdn9EhOTxrfGKRm/7R+WB0NKT4+ll
+sAWfhCCMHkhE/j/0L/DCGL8wD6zH1bzpFWn6efAlih4N5YXSJfGlZdkPw0zl/ZgD
+umYiwpr9PMnPtocfpV51HITNf0T+CUUHJ5bI3Do9cKZyr3yt869r2MNH6PLT0Lyl
+4YTcN6IC1K+2JXxvjry7wuJWaPUDS/Hl7Rb3vivdyFJsOF6cddCq1uoU/COXjEE7
+KF2+KXNKyCZvfPYxzaljvQjEEGZFswN21YrG4dk3JbaOEo0/+s06DJe/YDhagRgQ
+h1DtzesRuV8Mlxf0kCX5dmMEjIYX0ZtsZT7aueoSD0zGDFpiOjMQ2DQ3O9S3UhFz
+ScAFXjtFwMqy8RkwNzIp
+=Nkc2
+-----END PGP SIGNATURE-----
--- a/share/security/patches/SA-13:14/openssh.patch
+++ b/share/security/patches/SA-13:14/openssh.patch
@ -0,0 +1,13 @@
+Index: crypto/openssh/monitor_wrap.c
+===================================================================
+--- crypto/openssh/monitor_wrap.c	(revision 257864)
+++ crypto/openssh/monitor_wrap.c	(working copy)
+@@ -480,7 +480,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
+ 	buffer_init(&b);
+ 	buffer_append(&b, blob, blen);
+ 
+-	newkey = xmalloc(sizeof(*newkey));
+	newkey = xcalloc(1, sizeof(*newkey));
+ 	enc = &newkey->enc;
+ 	mac = &newkey->mac;
+ 	comp = &newkey->comp;
--- a/share/security/patches/SA-13:14/openssh.patch.asc
+++ b/share/security/patches/SA-13:14/openssh.patch.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.15 (FreeBSD)
+
+iQIcBAABAgAGBQJSiy7MAAoJEO1n7NZdz2rnCrcP/2oBQZKd1oe+eyS5AG4u+kAx
+tyCBm6QDBHobyg5KoqwbfFanTQxBIFpKUN6FdIIQbmprSOHZuxeqfWT2iI7eUhym
+HOTjzCeY11jvq4VUcWK+gTz2MSZ334ZLzJDAMBLtCVpfk9a6hFYbxDippn5h2lnV
+Fe3qsr9nZBkYC9p7IoVLXS41G60SV1VgSu3WyrX0+dAPWSMgvBdZ21opwjBXm39z
+JpjXdTfCMjq+FjXugiLo7yndXiErn8MetFie5xUgLxCX5f/3dwWrM9UBDtP+KKoU
+aTSx4dCRYeB92bwgIwTWTNL4Bi/fgN1M/dNOsL4/x1qjH7juZCqikPGNwfYd8eUJ
+lonHJxoYE3CSYrXJrX5X6h3lchUi3HUv30wgalxlHzNH2Z1k/fu1Ji3M5WaUeSZO
+SwWvJONKymzrPnXJYI39t3YutblA061p6Du8xhXk94AqefYnSOYyoeQkjuIRrRVR
+JlG9WR9S1LxUvQUvhdAxY5X1spvjJCH6HthYaRndlwcMPmV2VT00sIPvtHdjVTVr
+noJrULAj5T7b8esJTxgr+nt8uhfSUYTsSHhbkiJVJjb09BdkKu2+nVFH9LiFRflZ
+YVBszcu9QvkNglVVwdfSblFWBTc9bq6fOkfURlgl63WXKwfM5a8hLDKYy/TtuXwx
+PEqlGw0i5Lp/B9hpkbW9
+=imhD
+-----END PGP SIGNATURE-----
--- a/share/xml/advisories.xml
+++ b/share/xml/advisories.xml
@ -7,6 +7,18 @@
  <year>
    <name>2013</name>

+    <month>
+      <name>11</name>
+
+      <day>
+	<name>19</name>
+
+	<advisory>
+	  <name>FreeBSD-SA-13:14.openssh</name>
+	</advisory>
+      </day>
+    </month>
+
    <month>
      <name>9</name>