Re: CVE Request for OpenSSH vulnerability - authentication limits bypass

[mancha <mancha1 () zoho com>]

Attached patch fixes.

--mancha

On Tue, Jul 21, 2015 at 11:16:35AM +0200, king cope wrote:
> Hello list, solar designer,
>
> Can you please add a CVE for the mentioned vulnerability in OpenSSH.
>
> The OpenSSH server normally wouldn't allow successive authentications
> that exceed the MaxAuthTries setting in sshd_config, with this
> vulnerability the allowed login retries can be extended limited only
> by the LoginGraceTime setting, that can be more than 10000 tries
> (depends on the network speed), and even more for local attacks.
> Technically this vulnerability affects OpenSSH. It can be found with
> FreeBSD installations because these use the keyboard-interactive
> authentication mechanism (that is the one affected) in combination
> with pam. I haven't tested skey/bsd auth.  To note that this
> vulnerability looks pretty old, a test against FreeBSD 6.2 (2007
> release date) showed it vulnerable.  Additionally there is no delay
> between the authentication retries, but this is another issue that
> makes this vulnerability more effective.
>
> CVE please!
>
> Thank you,
>
> KC
>
> Reference: http://seclists.org/fulldisclosure/2015/Jul/92

Attachment: openssl-6.9p1_kbd-interactive.diff
Description:

Attachment: _bin
Description: