oss-sec mailing list archives
Re: OpenSSH Username Enumeration
From: Dariusz Tytko <dariusz.tytko () securitum pl>
Date: Thu, 23 Aug 2018 09:50:08 +0200
Hi, We have published our writeup https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/, hope it helps to better understanding the problem. Best regards, Dariusz Tytko W dniu 17.08.2018 o 20:31, Salvatore Bonaccorso pisze:
Hi, On Wed, Aug 15, 2018 at 09:05:58AM -0700, Qualys Security Advisory wrote:Hi all, We sent the following email to openssh () openssh com and distros () vs openwall org about an hour ago, and it was decided that we should send it to oss-security () lists openwall com right away (as far as we know, no CVE has been assigned to this issue yet): ======================================================================== While reviewing the latest OpenSSH commits, we stumbled across: https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 Date: Tue Jul 31 03:10:27 2018 +0000 delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed. Reported by Dariusz Tytko and Michal Sajdak; ok deraadt We realized that without this patch, a remote attacker can easily test whether a certain user exists or not (username enumeration) on a target OpenSSH server: 87 static int 88 userauth_pubkey(struct ssh *ssh) 89 { ... 101 if (!authctxt->valid) { 102 debug2("%s: disabled because of invalid user", __func__); 103 return 0; 104 } 105 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || 106 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || 107 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) 108 fatal("%s: parse request failed: %s", __func__, ssh_err(r)); The attacker can try to authenticate a user with a malformed packet (for example, a truncated packet), and: - if the user is invalid (it does not exist), then userauth_pubkey() returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE to the attacker; - if the user is valid (it exists), then sshpkt_get_u8() fails, and the server calls fatal() and closes its connection to the attacker. We believe that this issue warrants a CVE; it affects all operating systems, all OpenSSH versions (we went back as far as OpenSSH 2.3.0, released in November 2000), and is easier to exploit than previous OpenSSH username enumerations (which were all timing attacks): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210This new issue got assigned CVE-2018-15473 by MITRE. Regards, Salvatore
-- Dariusz Tytko securitum.pl - bezpieczeństwo systemów IT. sekurak.pl - piszemy o bezpieczeństwie.
Current thread:
- OpenSSH Username Enumeration Qualys Security Advisory (Aug 15)
- Re: OpenSSH Username Enumeration Matthew Daley (Aug 16)
- Re: OpenSSH Username Enumeration Salvatore Bonaccorso (Aug 17)
- Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 17)
- Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 23)
- Re: OpenSSH Username Enumeration Solar Designer (Aug 23)
- Re: OpenSSH Username Enumeration Qualys Security Advisory (Aug 23)