diff options
author | Ed Maste <emaste@FreeBSD.org> | 2023-07-19 17:02:33 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2023-07-21 14:46:53 +0000 |
commit | abf778208f101f57ecf402230c69222641f0a032 (patch) | |
tree | 30330234917c888b0fb65878b7fa332e5742cce8 | |
parent | 99544e13eec1586552470bd9d5f3b24038891401 (diff) | |
download | src-abf778208f101f57ecf402230c69222641f0a032.tar.gz src-abf778208f101f57ecf402230c69222641f0a032.zip |
ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2
OpenSSH 9.3p2 provides a fix CVE-2023-38408 - a condition where specific
libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to
achieve remote code execution via a forwarded agent socket if the
following conditions are met:
* Exploitation requires the presence of specific libraries on
the victim system.
* Remote exploitation requires that the agent was forwarded
to an attacker-controlled system.
This commit is the primary part of the fix in 9.3p2, applied to the
OpenSSH version in FreeBSD 12.x.
Security: CVE-2023-38408
Sponsored by: The FreeBSD Foundation
-rw-r--r-- | crypto/openssh/ssh-pkcs11.c | 6 | ||||
-rw-r--r-- | crypto/openssh/sshd_config | 2 | ||||
-rw-r--r-- | crypto/openssh/sshd_config.5 | 2 | ||||
-rw-r--r-- | crypto/openssh/version.h | 2 |
4 files changed, 5 insertions, 7 deletions
diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c index b2e2b32a5078..9e48c134e411 100644 --- a/crypto/openssh/ssh-pkcs11.c +++ b/crypto/openssh/ssh-pkcs11.c @@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin, error("dlopen %s failed: %s", provider_id, dlerror()); goto fail; } - if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { - error("dlsym(C_GetFunctionList) failed: %s", dlerror()); - goto fail; - } + if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) + fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); p = xcalloc(1, sizeof(*p)); p->name = xstrdup(provider_id); p->handle = handle; diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 33c6e9a3b130..14a58ef4ddbb 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -106,7 +106,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20221019 +#VersionAddendum FreeBSD-20230719 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 34dc3648ed26..dd8623d9b4dd 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1822,7 +1822,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20221019 . +.Qq FreeBSD-20230719 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 30539ed442ca..3f7069aba20f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -6,4 +6,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20221019" +#define SSH_VERSION_FREEBSD "FreeBSD-20230719" |