diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-13:14.openssh.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-13:14.openssh.asc | 144 |
1 files changed, 0 insertions, 144 deletions
diff --git a/share/security/advisories/FreeBSD-SA-13:14.openssh.asc b/share/security/advisories/FreeBSD-SA-13:14.openssh.asc deleted file mode 100644 index 562a7e0866..0000000000 --- a/share/security/advisories/FreeBSD-SA-13:14.openssh.asc +++ /dev/null @@ -1,144 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-13:14.openssh Security Advisory - The FreeBSD Project - -Topic: OpenSSH AES-GCM memory corruption vulnerability - -Category: contrib -Module: openssh -Announced: 2013-11-19 -Revised: 2013-11-28 -Affects: FreeBSD 10.0-BETA -Corrected: 2013-11-19 09:35:20 UTC (stable/10, 10.0-STABLE) - 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA3-p1) - 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA2-p1) - 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA1-p2) -CVE Name: CVE-2013-4548 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -0. Revision History - -v1.0 2013-11-19 Initial release. -v1.1 2013-11-28 Corrected path to sshd_config. - -I. Background - -OpenSSH is an implementation of the SSH protocol suite, providing an -encrypted and authenticated transport for a variety of services, -including remote shell access. - -AES-GCM (Galois/Counter Mode) is a mode of operation for AES block -cipher that combines the counter mode of encryption with the Galois -mode of authentication which can offer throughput rates for state of -the art, high speed communication channels. - -OpenSSH supports the AES-GCM algorithm as specified in RFC 5647. - -II. Problem Description - -A memory corruption vulnerability exists in the post-authentication sshd -process when an AES-GCM cipher (aes128-gcm@openssh.com or -aes256-gcm@openssh.com) is selected during key exchange. - -III. Impact - -If exploited, this vulnerability might permit code execution with the -privileges of the authenticated user, thereby allowing a malicious -user with valid credentials to bypass shell or command restrictions -placed on their account. - -IV. Workaround - -Disable AES-GCM in the server configuration. This can be accomplished by -adding the following /etc/ssh/sshd_config option, which will disable -AES-GCM while leaving other ciphers active: - -Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc - -Systems not running the OpenSSH server daemon (sshd) are not affected. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch -# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch.asc -# gpg --verify openssh.patch.asc - -b) Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -Recompile the operating system using buildworld and installworld as -described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. - -Restart the sshd daemon, or reboot the system. - -3) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/10/ r258335 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548> - -The latest revision of this advisory is available at -<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:14.openssh.asc> ------BEGIN PGP SIGNATURE----- - -iQIcBAEBCgAGBQJSl+hmAAoJEO1n7NZdz2rnHMYP/3yEQldDKONpQ1zS5YfDyVwO -wRBTgxMST7ozg/y7/xBA9FIpdRB8fJOgijKKVQv02MCN5xM5mXexxZAu1X3gcWls -v8Tf1YogR0IzLKzFDYYqZ/gWg/5vK1ALzPbHRSmDYivUSOyJftvDNFzPZnFp4DsI -U30OGxBfLSOvvX5XNGSixmILzv5DLxe7ThGa36oIZCKUAXSrNm79NfGiI0EvXK2Y -R3nTjdd5r5F5/K5S59BMmAmKCGIqsTJ/jeICKe49VUK+YyD+Wmr0gohhU6bmENWM -aXAD9em+uKGZnlqBUr5YC4vv8NHWuhOTWfl1CTDH4QhFOP+hiJt2w4EvGYORL1R/ -2VDmFtiiPeebi7ECSTOSudx/xGvycpnUspw4T/b+H+kGar1ZvHpwqRYDC/Wla5Vq -Uzi7uIWTdJieLQXRERTln8mtehYmfHurlu1Mltb0v35vkSyUV5V6RjtxRAi0sWbj -w1A0lpDga1lom1FI5JTsiGtwV8A3MbmFKLuK7EUQf8I8lS80SptJNMMTkzYeW/Zy -jVqSj63Ns3WaDeHMURYfxf2ppb3meBX+Tw0glTBFJlE46c/sZ01zmcM0q1jQk5Vn -nHZgnGTKsCqR1VlnARdDicfa3VVhcPxeUkGEALZv1m31jA0AYG7BeAX9pvoQoOGK -1Oeu9j2MeszutBto6gqh -=6vNc ------END PGP SIGNATURE----- |