Re: OpenSSH Username Enumeration

[Dariusz Tytko <dariusz.tytko () securitum pl>]

Hi,

We have published our writeup
https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/, hope it
helps to better understanding the problem.

Best regards,
Dariusz Tytko


W dniu 17.08.2018 o 20:31, Salvatore Bonaccorso pisze:
> Hi,
>
> On Wed, Aug 15, 2018 at 09:05:58AM -0700, Qualys Security Advisory wrote:
> > Hi all,
> >
> > We sent the following email to openssh () openssh com and
> > distros () vs openwall org about an hour ago, and it was decided that we
> > should send it to oss-security () lists openwall com right away (as far as
> > we know, no CVE has been assigned to this issue yet):
> >
> > ========================================================================
> >
> > While reviewing the latest OpenSSH commits, we stumbled across:
> >
> > https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
> >
> > Date:   Tue Jul 31 03:10:27 2018 +0000
> >     delay bailout for invalid authenticating user until after the packet
> >     containing the request has been fully parsed. Reported by Dariusz Tytko
> >     and Michal Sajdak; ok deraadt
> >
> > We realized that without this patch, a remote attacker can easily test
> > whether a certain user exists or not (username enumeration) on a target
> > OpenSSH server:
> >
> >   87 static int
> >   88 userauth_pubkey(struct ssh *ssh)
> >   89 {
> >  ...
> >  101         if (!authctxt->valid) {
> >  102                 debug2("%s: disabled because of invalid user", __func__);
> >  103                 return 0;
> >  104         }
> >  105         if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
> >  106             (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
> >  107             (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
> >  108                 fatal("%s: parse request failed: %s", __func__, ssh_err(r));
> >
> > The attacker can try to authenticate a user with a malformed packet (for
> > example, a truncated packet), and:
> >
> > - if the user is invalid (it does not exist), then userauth_pubkey()
> >   returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
> >   to the attacker;
> >
> > - if the user is valid (it exists), then sshpkt_get_u8() fails, and the
> >   server calls fatal() and closes its connection to the attacker.
> >
> > We believe that this issue warrants a CVE; it affects all operating
> > systems, all OpenSSH versions (we went back as far as OpenSSH 2.3.0,
> > released in November 2000), and is easier to exploit than previous
> > OpenSSH username enumerations (which were all timing attacks):
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
> This new issue got assigned CVE-2018-15473 by MITRE.
>
> Regards,
> Salvatore

-- 
Dariusz Tytko

securitum.pl - bezpieczeństwo systemów IT.
sekurak.pl   - piszemy o bezpieczeństwie.