oss-sec mailing list archives
Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: Andres Freund <andres () anarazel de>
Date: Sat, 30 Mar 2024 15:01:31 -0700
Hi, On 2024-03-30 22:46:17 +0100, Axel Beckert wrote:
On Sat, Mar 30, 2024 at 12:48:50PM -0700, Andres Freund wrote:FWIW, RSA_public_decrypt is reachable, regardless of server configuration, when using certificate based authentication.^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Wait, do you really mean SSH keys verified by certificates issued by a (usually internal, SSH-specific) certificate authority (CA) for a key? See e.g. https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication what certificate-based authentication in SSH actually means. From my experience certificate-based SSH authentication (i.e. those algorithms with *-cert-* in their names) is rather rare, while simple public key authentication (where you just put your according pubkey into .ssh/authorized_keys) is very common. Can you clarify if you really meant that solely certificate based authentication (with certificates issued by a CA) triggers that code path or if you actually meant all sorts of public key based authentication in general?
I meant CA based auth - but note that, from what I can tell, you don't need to have it set up on the server side or anything. You might not even be able to disable it. If the client sends a signed key, the signature is loaded and verified before approved algorithms are checked. This seems suboptimal regardless of the backdoor issue, so I opened an enhancement request for openssh: https://bugzilla.mindrot.org/show_bug.cgi?id=3675 I might be misreading the code around some of the details, but I did experimentally verify that an rsa signature is verified without CA auth being configured. Greetings, Andres Freund
Current thread:
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jonathan Schleifer (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Fay Stegerman (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
- RE: backdoor in upstream xz/liblzma leading to ssh server compromise Thomas Ward (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Axel Beckert (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Dominique Martinet (Mar 31)