Current Description
Secure shell (SSH) server, for secure access from remote machines. This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group. ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine.

Release note fragment: This was broken in OpenSSH 7.6 during the removal of SSHv1 support (bz#2810). ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when a rsa-sha2-256/512 signature was requested. This condition is possible when an old or non-OpenSSH agent is in use.

SSH (Secure Shell) is a protocol which facilitates secure communications between two systems using a client-server architecture and allows users to log in to server host systems remotely. Unlike other remote communication protocols, such as FTP or Telnet, SSH encrypts the login session, making it difficult for intruders to collect unencrypted passwords.
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or 'oracle') as a vulnerability.'
Severity
CVSS 3.x Severity and Metrics:
Weakness Enumeration
CWE-ID | CWE Name | Source |
---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | NIST |
Known Affected Software Configurations
Change History
4 change records found

For those using ssh over rsync or just scp to move files around on a LAN, be aware that a number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh (see release notes) including the following:
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
That leaves the following available:
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
If you have defined any of these ciphers in ~/.ssh/config you should switch to one of the supported ones. Also make the change in any shell script you might be using. The significance of this, particularly for older hardware, could be much slower transfer speeds. See this thread for a comparison of all version 2 ciphers moving 500 MB files around. The conclusion from this older experiment was that any of the arcfour ciphers provided the fastest transfers on LANs where security was not a concern.
Using a similar script I shared in the linked thread, I tested these supported ciphers on an 1100 MB file this time (with 6 replicates) and found that all are more or less the same within error of the experiment on the Ivy or Haswell hardware tested (with the exception of the chacha20-poly1305 cipher that was a tiny bit slower on each). The older Yorkfield (Xeon version of the Q9550) had a harder time keeping up and slightly preferred the aes256-gcm cipher. YMMV.
None of these were CPU-limited using my hardware (sending machine was a Haswell i7-4790k and receiving machines are as indicated in the headers on the plots).
You can benchmark your own hardware with the script below:
Script: https://gist.github.com/graysky2/0e265604bfd4856a2596
Last edited by graysky (2015-11-22 22:16:24)
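As an added example (not code from the post above, the linked gist, or the OpenSSH project), a small POSIX shell audit that flags Ciphers entries in a ~/.ssh/config-style file naming any of the ciphers the post lists as dropped from the default set, so you can find what to switch before a connection starts failing. The handling of the `+`, `-` and `^` value prefixes assumes the ssh_config(5) syntax of current OpenSSH releases, and the sample config at the end is constructed for the demonstration.

```shell
# Added example, not from the forum post or the OpenSSH project: audit an
# ssh_config-style file for Ciphers entries naming algorithms that OpenSSH 6.7
# dropped from its default set (the list in the post above).  Prints
# "<line>:<cipher>" per hit; returns 0 when clean, 1 when any were found.
REMOVED_CIPHERS="3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256 \
aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se"

audit_ssh_ciphers() {
    file="$1"; found=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Keywords are case-insensitive; the value follows whitespace or '='.
        lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
        value=$(printf '%s' "$lower" | sed -n 's/^[[:space:]]*ciphers[[:space:]=][[:space:]=]*//p')
        [ -n "$value" ] || continue
        # A leading '-' removes ciphers from the default set, so it cannot
        # re-enable one; '+' appends and '^' prepends, so strip those markers.
        case "$value" in -*) continue ;; esac
        value=$(printf '%s' "$value" | sed 's/^[+^]//; s/,/ /g')
        for c in $value; do
            for r in $REMOVED_CIPHERS; do
                if [ "$c" = "$r" ]; then
                    printf '%s:%s\n' "$n" "$c"
                    found=1
                fi
            done
        done
    done < "$file"
    return $found
}

# Constructed sample config (not a real user's file) to show the check running.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed ~/.ssh/config
Host lanbox
    Ciphers arcfour256,aes128-ctr
Host modern
    ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
Host legacy
    Ciphers +3des-cbc
EOF
if audit_ssh_ciphers "$SAMPLE"; then
    echo "no removed ciphers configured"
else
    echo "removed ciphers listed above; switch them to a supported cipher"
fi
rm -f "$SAMPLE"
```

Run it against a real file with `audit_ssh_ciphers ~/.ssh/config`; the same check can be pointed at /etc/ssh/ssh_config or at the config fragment a transfer script carries.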