Package: openssh-server Version: 1:6.2p2-6~bpo7 Severity: grave Tags: patch, security, fixed-upstream
The recent security advisory from OpenSSH upstream dated 2013-11-07 mentions that "a memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-...@openssh.com or aes256-...@openssh.com) is selected during kex exchange." "If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations." This only applies to OpenSSH 6.2 and 6.3 built against OpenSSL supporting AES-GCM. It has been fixed in upstream, OpenSSH 6.4. The advisory mentions usage of the following patch: Index: monitor_wrap.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/monitor_wrap.c,v retrieving revision 1.76 diff -u -p -u -r1.76 monitor_wrap.c --- monitor_wrap.c 17 May 2013 00:13:13 -0000 1.76 +++ monitor_wrap.c 6 Nov 2013 16:31:26 -0000 @@ -469,7 +469,7 @@ mm_newkeys_from_blob(u_char *blob, int b buffer_init(&b); buffer_append(&b, blob, blen); - newkey = xmalloc(sizeof(*newkey)); + newkey = xcalloc(1, sizeof(*newkey)); enc = &newkey->enc; mac = &newkey->mac; comp = &newkey->comp; Alternatively, AES-GCM should be disabled in sshd_config as a workaround to this vulnerability. See also: <http://www.openssh.com/txt/gcmrekey.adv> Linux edi 3.10-0.bpo.3-amd64 #1 SMP Debian 3.10.11-1~bpo70+1 (2013-09-24) x86_64 GNU/Linux openssh-server: 1:6.2p2-6~bpo7 openssl: 1.0.1e-2 -- Patrick Godschalk arg...@argure.nl GPG: <https://argure.nl/identity/ecc14594.asc> This e-mail falls under the CC0 1.0 Universal Public Domain Dedication. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org