<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1576-1                  security@xxxxxxxxxx
http://www.debian.org/security/                           Florian Weimer
May 14, 2008                          http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openssh
Vulnerability  : predictable random number generator
Problem type   : remote
Debian-specific: yes
CVE Id(s)      : CVE-2008-0166

The recently announced vulnerability in Debian's openssl package
(DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH.  As a result,
all user and host keys generated using broken versions of the openssl
package must be considered untrustworthy, even after the openssl update
has been applied.

1. Install the security updates

   This update contains a dependency on the openssl update and will
   automatically install a corrected version of the libss0.9.8 package,
   and a new package openssh-blacklist.

   Once the update is applied, weak user keys will be automatically
   rejected where possible (though they cannot be detected in all
   cases).  If you are using such keys for user authentication, they
   will immediately stop working and will need to be replaced (see
   step 3).

   OpenSSH host keys can be automatically regenerated when the OpenSSH
   security update is applied.  The update will prompt for confirmation
   before taking this step.

2. Update OpenSSH known_hosts files

   The regeneration of host keys will cause a warning to be displayed when
   connecting to the system using SSH until the host key is updated in the
   known_hosts file.  The warning will look like this:

   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
   Someone could be eavesdropping on you right now (man-in-the-middle attack)!
   It is also possible that the RSA host key has just been changed.

   In this case, the host key has simply been changed, and you should update
   the relevant known_hosts file as indicated in the error message.
   
   It is recommended that you use a trustworthy channel to exchange the
   server key.  It is found in the file /etc/ssh/ssh_host_rsa_key.pub on
   the server; it's fingerprint can be printed using the command:

      ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

   In addition to user-specific known_hosts files, there may be a
   system-wide known hosts file /etc/ssh/known_hosts.  This is file is
   used both by the ssh client and by sshd for the hosts.equiv
   functionality.  This file needs to be updated as well.

3. Check all OpenSSH user keys

   The safest course of action is to regenerate all OpenSSH user keys,
   except where it can be established to a high degree of certainty that the
   key was generated on an unaffected system.

   Check whether your key is affected by running the ssh-vulnkey tool, included
   in the security update.  By default, ssh-vulnkey will check the standard
   location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
   your authorized_keys file (~/.ssh/authorized_keys and
   ~/.ssh/authorized_keys2), and the system's host keys
   (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).

   To check all your own keys, assuming they are in the standard
   locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

     ssh-vulnkey

   To check all keys on your system:

     sudo ssh-vulnkey -a

   To check a key in a non-standard location:

     ssh-vulnkey /path/to/key

   If ssh-vulnkey says "Unknown (no blacklist information)", then it has no
   information about whether that key is affected.  In this case, you
   can examine the modification time (mtime) of the file using "ls -l".
   Keys generated before September 2006 are not affected.  Keep in mind
   that, although unlikely, backup procedures may have changed the file
   date back in time (or the system clock may have been incorrectly
   set).
   
   If in doubt, generate a new key and remove the old one from any
   servers.

4. Regenerate any affected user keys

   OpenSSH keys used for user authentication must be manually regenerated,
   including those which may have since been transferred to a different system
   after being generated.

   New keys can be generated using ssh-keygen, e.g.:

   $ ssh-keygen
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/user/.ssh/id_rsa):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/user/.ssh/id_rsa.
   Your public key has been saved in /home/user/.ssh/id_rsa.pub.
   The key fingerprint is:
   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host

5. Update authorized_keys files (if necessary)

   Once the user keys have been regenerated, the relevant public keys
   must be propagated to any authorized_keys files (and authorized_keys2
   files, if applicable) on remote systems.  Be sure to delete the lines
   containing old keys from those files..


In addition to countermeasures to mitigate the randomness vulnerability,
this OpenSSH update fixes several other vulnerabilities:

CVE-2008-1483:
   Timo Juhani Lindfors discovered that, when using X11 forwarding, the
   SSH client selects an X11 forwarding port without ensuring that it
   can be bound on all address families. If the system is configured
   with IPv6 (even if it does not have working IPv6 connectivity), this
   could allow a local attacker on the remote server to hijack X11
   forwarding.

CVE-2007-4752:
   Jan Pechanec discovered that ssh fails back to creating a trusted X11
   cookie if creating an untrusted cookie fails, potentially exposing
   the local display to a malicious remote server when using X11
   forwarding.

For the stable distribution (etch), these problems have been fixed in
version 4.3p2-9etch1.  Currently, only a subset of all supported
architectures have been built; further updates will be provided when
they become available.

For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 4.7p1-9.

We recommend that you upgrade your openssh packages and take the
measures indicated above.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz
    Size/MD5 checksum:   275168 920f559caa1c8c737b016c08df2bde05
  
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz
    Size/MD5 checksum:  3694141 05eec6b473990bff4fc70921b232794b
  
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc
    Size/MD5 checksum:     1074 89930d72e9aff6b344efd35a130e4faa
  
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc
    Size/MD5 checksum:      799 aeaa45e0bfbf7f966e3c7fca9181d99d
  
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
    Size/MD5 checksum:   920186 239fc801443acaffd4c1f111948ee69c

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb
    Size/MD5 checksum:  2121928 fa1ba22d98f91f18b326ee1bfd31bcbb
  
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb
    Size/MD5 checksum:     1060 44ec3f52add1876d7b2c1bd3fa3cdbfd
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb
    Size/MD5 checksum:    92162 9ae37916a6dc269318aff1215b6638cf

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb
    Size/MD5 checksum:   198496 69fe6fc4002ec592e1756cee28ffd85b
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb
    Size/MD5 checksum:   782120 e5746f3c12a52f72b75cffee8e1c3a6f
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb
    Size/MD5 checksum:   100402 fda20ac6b68a6882534384e6ce4e6efd
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb
    Size/MD5 checksum:   213724 118390296bbf6d6d208d39a07895852e
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb
    Size/MD5 checksum:   266518 be53eb9497ea993e0ae7db6a0a4dcd3a

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb
    Size/MD5 checksum:   183848 bd6c4123fe0e72f7565e455b25eb037c
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb
    Size/MD5 checksum:   244406 f70bf398d91eb4b8fe27cc5b03548b16
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb
    Size/MD5 checksum:   171512 0b8afcf2b96ad97323152342e83dd3bf
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb
    Size/MD5 checksum:   709734 556332c58aeee82628d35ebf71d15ac1
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb
    Size/MD5 checksum:    99896 14d2f97314e7b4b6cb97540667d7f544

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb
    Size/MD5 checksum:   189608 5267dec18e00f3e88bd53b3adfe23e62
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb
    Size/MD5 checksum:   100438 2ebd2edd75c440c062eaafab5a97b177
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb
    Size/MD5 checksum:   250556 1ca2aa080853748ab343381d9f9ffc6b
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb
    Size/MD5 checksum:   198424 d99af9d81fe074f9b16928cae835ce56
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb
    Size/MD5 checksum:   733664 e6abc3231e7d274a5a73321ea3761974

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb
    Size/MD5 checksum:   660432 16f0807e7871c23af0660e529837cb76
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb
    Size/MD5 checksum:   224178 aaedc883a11ba7273e5ddeb496a3488a
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb
    Size/MD5 checksum:   100000 fd41f726ff14b7f8ab0dfc1c6b43be2c
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb
    Size/MD5 checksum:   162630 f197dbdfe7a92bd4992d8c77c76b4488
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb
    Size/MD5 checksum:   154028 5df04dc7c5474b30e515047740bd0c38

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb
    Size/MD5 checksum:   269868 1646034b7db5a862ea17d0d6928900ff
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb
    Size/MD5 checksum:   961594 394027253cbaeba863f07e7fee848dcb
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb
    Size/MD5 checksum:   101280 f3e421145857106615ce19cb05508a7a
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb
    Size/MD5 checksum:   251840 24ba6fd53e10e754845fc4361257d0ff
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb
    Size/MD5 checksum:   338256 4ff1206f8f3c618f7bfd406f88b38841

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb
    Size/MD5 checksum:   237040 b50b3e1ac8586eb55a5f06201dd3edf2
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb
    Size/MD5 checksum:   173322 f1fa458555b787a2b7fc786da7974b91
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb
    Size/MD5 checksum:   700518 fd43ca106400be36545f31b955667e22
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb
    Size/MD5 checksum:   101080 a5005e3e3447f8eb75d99746a2704b8d
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb
    Size/MD5 checksum:   168320 61848a42ed513d232fceea6eb335e315

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb
    Size/MD5 checksum:   218132 ce7a2f44e51c2fe6df31ec567ce65d28
  
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb
    Size/MD5 checksum:    99544 61cd81c98576feea92fb865856311b7d
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb
    Size/MD5 checksum:   639770 6085da0b96f1e9ee87abec7206eb7ef8
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb
    Size/MD5 checksum:   166706 99368689bddbc70f98ef5f51aa19051a
  
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb
    Size/MD5 checksum:   158360 07bf438d8e0d3fd02ff37371ff8645d6


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSCqu4797/wQC1SS+AQIvOgf9H/0Xn/paZyp8CCPPuQKBq162OpDhyaOg
ZFCaOCK2Yv2hNdbPas1EhA2IBGTbmotmKbJcGeyWI9YMwPKY0NxJM8nk/RZ4sL5R
KF+dALOZ+Vh+Dh333tp4ONvQUc50s78MZukCSoZ/z6i7Efr/dKzBN1rvsxcXs23D
rZNI1WYmhZBmCSa10Yv93TeN4D1pN2a1rKgZ+a23DlKmAVQJcWm0TWOiMr4HUbMr
usiEufXC/onF4O3dwVbsV2vOsPI6J4w9yTj1cAuevMDPTUo5ktZCx1PzVDS2wUQV
wUs+HJ25yNHfw39gfseDzkQUYzlMFipIA59+jr2RbUOItWF3mPDU4Q==
=m4ox
-----END PGP SIGNATURE-----