oss-sec mailing list archives

Re: CVE Request: two security issues in openSSH 6.9


From: cve-assign () mitre org
Date: Wed, 1 Jul 2015 12:12:41 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The openSSH 6.9 release contains the following changes declared as
> security issues:

We don't know whether the upstream vendor uses:

>    Security
>    --------

exclusively to mean that they are announcing vulnerability fixes, or
sometimes instead to mean that a change is otherwise related to
security.

https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d

Use CVE-2015-5352 for the issue in which the refusal deadline was not
checked within the x11_open_helper function. (There's extra code to
make the x11_refuse_time value usable within two source-code files,
but adding that code doesn't seem to be related to any independent
problem.)


We didn't completely understand the rationale for moving "system(cmd)"
after the x11_refuse_time assignment, or whether this is addressing an
independent problem. It seems conceivable that there's a very slow
network connection to the X server, and an "xauth generate" may
therefore take a very long time. So, we think this might add a risk
that, by the time system(cmd) finishes, the refusal deadline has
already passed. If we're misunderstanding this or there's a
vulnerability fixed by moving the system(cmd) call, please let us
know.

- if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
+ if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
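Review bot: the `(u_int)` cast on `monotime()` in the `+` line narrows the clock value to 32 bits to match the apparent type of `x11_refuse_time`. If the cast only exists to silence a signed/unsigned comparison warning, keeping both operands in the same type (for example storing `x11_refuse_time` as a `time_t` and comparing `monotime() >= x11_refuse_time` without a cast) avoids a wrap-around once the monotonic second count no longer fits in a `u_int`; otherwise a one-line comment stating why the narrowing is safe here would make the change reviewable on its own.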

We're guessing that this isn't a vulnerability fix, and that the
author just somehow doesn't want x11_refuse_time to be a time_t.

> "fail open"
> behaviour in the X11 server when clients attempted connections with
> expired credentials.

The scope of CVE-2015-5352 does not include any fail-open
characteristics of an X server. There could possibly be a separate CVE
ID if there is an error that needs to be fixed in the X codebase.


>  * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
>    password guessing by implementing an increasing failure delay,
>    storing a salted hash of the password rather than the password
>    itself and using a timing-safe comparison function for verifying
>    unlock attempts.

Our current thought is that a CVE ID may not be needed because attacks
against ssh-agent locking don't cross a privilege boundary. In other
words, the changelog entry could be interpreted to mean addition of a
new security feature related to a threat model that wasn't in the
previous design goals (e.g., password guessing by malware running
under the same account).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVlBB+AAoJEKllVAevmvms7U0IAJ/pkfdTyBGALMZ9cGuQ3drG
Y4k+4sD105NJ6skzjfGOrssX9fjgc0z/ZRo+E7oups8/FrZeKwAshVATh1kxkOPe
tCyFFSSIVohbNM1xIluSGLgtlXSTjM7useVL589YFyrO6sXrqYjh27fu616XDPPq
etQA+P07uj/AdPR+REWIyeX7Err9D9LEIB8kP42CYcHxblxZe5tfKixFeq6+q7bm
p/MDDckK374YoE7LXXPzF1e93CM2opAykI+W2J8W5IwL0I2C8vKO2eLUFZxkvVAH
IAV168RI5oAZnw7uwpI5evYuvM+VWwAJwWXtaPh+u054g4TuEWdw+Gi2tDb2j5o=
=kcq2
-----END PGP SIGNATURE-----
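The CVE-2015-5352 discussion above concerns a refusal deadline that was recorded but not consulted in the helper that admits new X11 clients. The following is an added example, not OpenSSH source and not part of the mailing-list post: a constructed model with hypothetical names (`struct x11_fwd`, `x11_arm_timeout`, `x11_open_helper_before`/`_after`, `x11_decide`) showing the pre-fix helper beside the fixed one, driven by a monotonic clock so the deadline cannot be moved by changing the wall-clock date. The deadline is armed from an injected `now_mono` value, which also makes the ordering concern raised in the post concrete: a deadline armed before a slow setup step (such as an `xauth` run against a remote X server) shortens the usable window by however long that step takes.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>

/* Constructed model of an X11 forwarding refusal deadline. Names are
 * hypothetical; this is not OpenSSH code. */
struct x11_fwd {
    time_t refuse_time;  /* 0 = no deadline; else monotonic seconds at which new clients are refused */
};

/* Monotonic clock in whole seconds: unaffected by wall-clock adjustments,
 * so a deadline derived from it cannot be extended by resetting the date. */
time_t monotime_s(void) {
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0)
        return 0;
    return ts.tv_sec;
}

/* Record the deadline when forwarding is set up. now_mono is injected so the
 * decision logic is testable; real callers would pass monotime_s(). */
void x11_arm_timeout(struct x11_fwd *f, time_t now_mono, time_t timeout_s) {
    f->refuse_time = timeout_s > 0 ? now_mono + timeout_s : 0;
}

/* Pre-fix behaviour: the helper that admits a new X11 client never looks at
 * the stored deadline, so the timeout has no effect on new connections. */
int x11_open_helper_before(const struct x11_fwd *f, time_t now_mono) {
    (void)f; (void)now_mono;
    return 1;
}

/* Fixed behaviour: refuse once the deadline has been reached. Both operands
 * are time_t, so no narrowing cast is needed for the comparison. */
int x11_open_helper_after(const struct x11_fwd *f, time_t now_mono) {
    if (f->refuse_time != 0 && now_mono >= f->refuse_time) {
        fprintf(stderr, "Rejected X11 connection after forwarding timeout expired\n");
        return 0;
    }
    return 1;
}

/* Arm at armed_at with timeout_s, then decide for now with the fixed helper.
 * Returns 1 = accept, 0 = refuse. */
int x11_decide(time_t armed_at, time_t timeout_s, time_t now) {
    struct x11_fwd f;
    x11_arm_timeout(&f, armed_at, timeout_s);
    return x11_open_helper_after(&f, now);
}

int main(void) {
    struct x11_fwd f;
    time_t start = monotime_s();
    x11_arm_timeout(&f, start, 1200);   /* constructed: a 20-minute window */
    printf("at arming:  before=%d after=%d\n",
           x11_open_helper_before(&f, start), x11_open_helper_after(&f, start));
    printf("at +1200s:  before=%d after=%d\n",
           x11_open_helper_before(&f, start + 1200), x11_open_helper_after(&f, start + 1200));
    return 0;
}
```

The pre-fix helper prints `1` in both rows; the fixed helper prints `1` then `0`. A timeout of `0` leaves `refuse_time` at zero, which the fixed helper treats as "no deadline", matching the `x11_refuse_time != 0` guard quoted in the post.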

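The ssh-agent changelog entry quoted above names three hardenings: a salted hash instead of the stored password, a timing-safe comparison, and a failure delay that grows with consecutive bad attempts. The following is an added example, not OpenSSH code and not part of the post: a constructed model with hypothetical names (`struct agent_lock`, `agent_lock`, `agent_unlock`, `lock_scenario`). The `placeholder_kdf` routine is a salted, iterated FNV-1a stand-in used only so the block is self-contained; a real implementation uses a proper password KDF (OpenSSH's ssh-agent uses bcrypt_pbkdf) and a CSPRNG-generated salt. The delay is returned to the caller rather than slept, so the behaviour can be checked directly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of ssh-agent lock hardening; hypothetical names, not OpenSSH code. */
#define SALT_LEN   16
#define HASH_LEN   32
#define KDF_ROUNDS 20000   /* constructed work factor */

struct agent_lock {
    int      locked;
    uint8_t  salt[SALT_LEN];
    uint8_t  pwhash[HASH_LEN];   /* the password itself is never stored */
    unsigned failures;           /* consecutive failed unlock attempts */
};

/* Placeholder KDF: salted, iterated FNV-1a in four 64-bit lanes. Stands in
 * for a real password KDF (e.g. bcrypt_pbkdf); do not use it to protect anything. */
static void placeholder_kdf(const char *pw, const uint8_t salt[SALT_LEN],
                            unsigned rounds, uint8_t out[HASH_LEN]) {
    const uint64_t prime = 0x100000001b3ULL;
    uint64_t h[HASH_LEN / 8];
    size_t pwlen = strlen(pw), i, lane;
    unsigned r;
    for (lane = 0; lane < HASH_LEN / 8; lane++)
        h[lane] = 0xcbf29ce484222325ULL + lane;
    for (r = 0; r < rounds; r++) {
        for (lane = 0; lane < HASH_LEN / 8; lane++) {
            for (i = 0; i < SALT_LEN; i++) { h[lane] ^= salt[i];        h[lane] *= prime; }
            for (i = 0; i < pwlen; i++)    { h[lane] ^= (uint8_t)pw[i]; h[lane] *= prime; }
            h[lane] ^= (uint8_t)(r ^ lane); h[lane] *= prime;
        }
    }
    memcpy(out, h, HASH_LEN);
}

/* Constant-time equality: every byte is examined regardless of where the
 * first mismatch lies, unlike memcmp(), which may return early. */
int timing_safe_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Lock: keep salt and hash only. The salt must come from a CSPRNG in real
 * code (arc4random_buf/getrandom); it is a parameter here for determinism. */
void agent_lock(struct agent_lock *l, const char *pw, const uint8_t salt[SALT_LEN]) {
    memcpy(l->salt, salt, SALT_LEN);
    placeholder_kdf(pw, l->salt, KDF_ROUNDS, l->pwhash);
    l->locked = 1;
    l->failures = 0;
}

/* Unlock attempt: 1 on success, 0 on failure. *delay_ms receives the penalty
 * to sleep before replying (constructed: 100 ms per consecutive failure). */
int agent_unlock(struct agent_lock *l, const char *pw, unsigned *delay_ms) {
    uint8_t h[HASH_LEN];
    *delay_ms = 0;
    if (!l->locked)
        return 0;
    placeholder_kdf(pw, l->salt, KDF_ROUNDS, h);
    if (timing_safe_equal(h, l->pwhash, HASH_LEN)) {
        memset(l->pwhash, 0, HASH_LEN);   /* real code: explicit_bzero */
        l->locked = 0;
        l->failures = 0;
        return 1;
    }
    l->failures++;
    *delay_ms = 100 * l->failures;
    return 0;
}

static const uint8_t demo_salt[SALT_LEN] = {   /* constructed, not random */
    0x5a,0x11,0x3c,0xd4,0x07,0x9e,0x62,0xb8,0x2f,0x45,0xc1,0x80,0x13,0xfa,0x6d,0x29 };

/* Scenario: lock with pw, make n_wrong bad attempts, then try pw. Returns the
 * delay after the last bad attempt (0 if none); 999999 if a bad attempt ever
 * unlocked the agent or the correct password failed to. */
unsigned lock_scenario(const char *pw, const char *wrong, unsigned n_wrong) {
    struct agent_lock l;
    unsigned d = 0, last = 0, i;
    agent_lock(&l, pw, demo_salt);
    for (i = 0; i < n_wrong; i++) {
        if (agent_unlock(&l, wrong, &d))
            return 999999;
        last = d;
    }
    if (!agent_unlock(&l, pw, &d) || d != 0 || l.locked)
        return 999999;
    return last;
}

/* Same password under a different salt must give a different stored hash. */
int salt_changes_hash(const char *pw) {
    uint8_t salt2[SALT_LEN], h1[HASH_LEN], h2[HASH_LEN];
    memcpy(salt2, demo_salt, SALT_LEN);
    salt2[0] ^= 0x01;
    placeholder_kdf(pw, demo_salt, KDF_ROUNDS, h1);
    placeholder_kdf(pw, salt2, KDF_ROUNDS, h2);
    return !timing_safe_equal(h1, h2, HASH_LEN);
}

int main(void) {
    printf("delay after 3 bad attempts: %u ms\n", lock_scenario("correct horse", "wrong", 3));
    printf("salt changes hash: %d\n", salt_changes_hash("correct horse"));
    return 0;
}
```

With three wrong guesses the scenario reports a 300 ms penalty on the last one and 0 ms on the subsequent correct unlock, since the counter resets on success; the salt check confirms that an attacker who obtains the stored hash cannot reuse a precomputed table across agents. As the post notes, all of this defends against a guesser already running under the same account, which is why the CVE team treated it as a new feature rather than a boundary-crossing fix.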
