OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 06-Aug-2003 15:07:45
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003080614074301
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/openssh openssh.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/openssh openssh.spec
Log:
OpenPKG-SA-2003.035-openssh; CAN-2003-0190
Summary:
Revision Changes Path
1.1.6.1 +131 -0 openpkg-src/openssh/openssh.patch
1.70.2.1.2.4+3 -1 openpkg-src/openssh/openssh.spec
1.6054 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch
============================================================================
$ cvs diff -u -r0 -r1.1.6.1 openssh.patch
--- /dev/null 2003-08-06 15:07:45.000000000 +0200
+++ openssh.patch 2003-08-06 15:07:45.000000000 +0200
@@ -0,0 +1,131 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190
+ OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support
+ enabled immediately sends an error message when a user does not
+ exist, which allows remote attackers to determine valid usernames
+ via a timing attack.
+
+Based on RedHat openssh-3.5p1-6.9.src.rpm which is
+mostly based on a patch for 3.6 by Solar Designer.
+
+diff -ur openssh-3.5p1/auth2-none.c openssh-3.5p1-pam/auth2-none.c
+--- auth2-none.c.orig 2002-07-03 20:06:16.000000000 -0400
++++ auth2-none.c 2003-05-01 19:21:30.000000000 -0400
+@@ -100,7 +100,7 @@
+ if (check_nt_auth(1, authctxt->pw) == 0)
+ return(0);
+ #endif
+- return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
++ return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
+ }
+
+ Authmethod method_none = {
+diff -ur openssh-3.5p1/auth2-passwd.c openssh-3.5p1-pam/auth2-passwd.c
+--- auth2-passwd.c.orig 2002-06-06 16:27:56.000000000 -0400
++++ auth2-passwd.c 2003-05-01 19:22:52.000000000 -0400
+@@ -47,11 +47,12 @@
+ log("password change not supported");
+ password = packet_get_string(&len);
+ packet_check_eom();
+- if (authctxt->valid &&
++ if ((PRIVSEP(auth_password(authctxt, password)) == 1)
++ && authctxt->valid
+ #ifdef HAVE_CYGWIN
+- check_nt_auth(1, authctxt->pw) &&
++ && check_nt_auth(1, authctxt->pw)
+ #endif
+- PRIVSEP(auth_password(authctxt, password)) == 1)
++ )
+ authenticated = 1;
+ memset(password, 0, len);
+ xfree(password);
+diff -ur openssh-3.5p1/auth-pam.c openssh-3.5p1-pam/auth-pam.c
+--- auth-pam.c.orig 2002-07-28 16:24:08.000000000 -0400
++++ auth-pam.c 2003-05-01 19:16:27.000000000 -0400
+@@ -201,35 +201,35 @@
+ }
+ }
+
+-/* Attempt password authentation using PAM */
++/* Attempt password authentication using PAM */
+ int auth_pam_password(Authctxt *authctxt, const char *password)
+ {
+ extern ServerOptions options;
+- int pam_retval;
++ int pam_retval, ok = authctxt->valid;
+ struct passwd *pw = authctxt->pw;
+
+ do_pam_set_conv(&conv);
+
+ /* deny if no user. */
+ if (pw == NULL)
+- return 0;
++ ok = 0;
+- if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
+- return 0;
++ if (pw && pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
++ ok = 0;
+- if (*password == '\0' && options.permit_empty_passwd == 0)
++ if (password != NULL && *password == '\0' && options.permit_empty_passwd == 0)
+- return 0;
++ ok = 0;
+
+ __pampasswd = password;
+
+ pamstate = INITIAL_LOGIN;
+ pam_retval = do_pam_authenticate(
+ options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0);
+- if (pam_retval == PAM_SUCCESS) {
++ if ((pam_retval == PAM_SUCCESS) && pw && ok) {
+ debug("PAM Password authentication accepted for "
+ "user \"%.100s\"", pw->pw_name);
+ return 1;
+ } else {
+ debug("PAM Password authentication for \"%.100s\" "
+- "failed[%d]: %s", pw->pw_name, pam_retval,
++ "failed[%d]: %s", pw ? pw->pw_name : "invalid user", pam_retval,
+ PAM_STRERROR(__pamh, pam_retval));
+ return 0;
+ }
+diff -ur openssh-3.5p1/auth-passwd.c openssh-3.5p1-pam/auth-passwd.c
+--- auth-passwd.c.orig 2002-09-25 19:14:16.000000000 -0400
++++ auth-passwd.c 2003-05-08 16:27:29.000000000 -0400
+@@ -92,14 +92,15 @@
+ int
+ auth_password(Authctxt *authctxt, const char *password)
+ {
++ int ok = authctxt->valid && authctxt->pw;
+ #if defined(USE_PAM)
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+- return 0;
+- return auth_pam_password(authctxt, password);
++ ok = 0;
++ return auth_pam_password(authctxt, password) && ok;
+ #elif defined(HAVE_OSF_SIA)
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+- return 0;
+- return auth_sia_password(authctxt, password);
++ ok = 0;
++ return auth_sia_password(authctxt, password) && ok;
+ #else
+ struct passwd * pw = authctxt->pw;
+ char *encrypted_password;
+@@ -119,7 +120,6 @@
+ int authsuccess;
+ int reenter = 1;
+ #endif
+-
+ /* deny if no user. */
+ if (pw == NULL)
+ return 0;
+diff -ur openssh-3.5p1/monitor.c openssh-3.5p1-pam/monitor.c
+--- monitor.c.orig 2002-09-26 23:26:02.000000000 -0400
++++ monitor.c 2003-05-01 19:23:17.000000000 -0400
+@@ -606,7 +606,7 @@
+ passwd = buffer_get_string(m, &plen);
+ /* Only authenticate if the context is valid */
+ authenticated = options.password_authentication &&
+- authctxt->valid && auth_password(authctxt, passwd);
++ auth_password(authctxt, passwd) && authctxt->valid;
+ memset(passwd, 0, strlen(passwd));
+ xfree(passwd);
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.spec
============================================================================
$ cvs diff -u -r1.70.2.1.2.3 -r1.70.2.1.2.4 openssh.spec
--- openpkg-src/openssh/openssh.spec 6 Aug 2003 12:59:53 -0000 1.70.2.1.2.3
+++ openpkg-src/openssh/openssh.spec 6 Aug 2003 13:07:44 -0000 1.70.2.1.2.4
@@ -38,7 +38,7 @@
Group: Security
License: BSD
Version: %{V_base}%{V_portable}
-Release: 1.2.1
+Release: 1.2.2
# package options
%option with_pam no
@@ -58,6 +58,7 @@
Source7: ssh-keyman.1
Source8: ssh-keyman.pod
Source9: http://chrootssh.sourceforge.net/patches/osshChroot-%{V_chroot}.diff
+Patch0: openssh.patch
# build information
Prefix: %{l_prefix}
@@ -95,6 +96,7 @@
%prep
# unpack distribution
%setup -q
+ %patch -p0
# optionally apply chroot(2) patch
%if "%{with_chroot}" == "yes"
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6053 -r1.6054 news.txt
--- openpkg-web/news.txt 6 Aug 2003 10:02:02 -0000 1.6053
+++ openpkg-web/news.txt 6 Aug 2003 13:07:43 -0000 1.6054
@@ -1,3 +1,4 @@
+06-Aug-2003: Upgraded package: P<openssh-3.5p1-1.2.2>
06-Aug-2003: Upgraded package: P<rt-3.0.4-20030806>
06-Aug-2003: Upgraded package: P<openssl-0.9.7b-20030806>
06-Aug-2003: Upgraded package: P<delegate-8.5.9-20030806>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
