crash when in FIPS mode
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pam-ssh-agent-auth (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Unassigned | |
Focal | Fix Released | Undecided | Unassigned | |
Impish | Fix Released | Undecided | Unassigned | |
Jammy | Fix Released | Undecided | Unassigned | |

Bug Description
[impact]
when in FIPS mode, MD5 is not allowed; however in pamsshagentauth
In addition, OpenSSH has defaulted to SHA256 fingerprints by default since 6.8, which is before xenial came out. This makes it more difficult to compare fingerprints listed as MD5 in log files with fingerprints printed as SHA256 by OpenSSH. The upstream pam-ssh-agent-auth codebase is poorly maintained and has not kept up with OpenSSH changes.
[test case]
set up a system in FIPS mode with FIPS openssl, install pam-ssh-agent-auth and configure per:
https:/
Then ssh to the system, making sure to use -A to pass the local ssh-agent along, and also ssh to an account that does not have NOPASSWD sudo enabled. Then run 'sudo -i', which will segfault.
In the log file, an MD5 fingerprint that would show up like so:
pam_ssh_agent_auth: Found matching RSA key: c9:20:ff:
would now show up like so after the update:
pam_ssh_agent_auth: Found matching RSA key: SHA256:
and would match the output of ssh-keygen -lf ~/.ssh/id_rsa.pub
[regression potential]
The fingerprint is only used when logging, so there is no impact on functionality. If the patch is broken, pam authentication would fail, or the message logged would be incorrect.
[scope]
The use of the MD5 fingerprint is still in upstream code, so this may need to be fixed there and in all releases. Alternately, a FIPS-compliant package could be created.
[other info]
the openssl FIPS addition that causes this is:
    #ifdef OPENSSL_FIPS
        if (FIPS_mode()) {
            if (!(type->flags & EVP_MD_FLAG_FIPS)
                && !(ctx->flags & EVP_MD_
            }
        }
    #endif
so pam-ssh-agent-auth could set either flag to force openssl to allow this use of MD5; however the pam-ssh-agent-auth code that calls into openssl doesn't know what the md5 is going to be used for, so it may be more complex, and probably is much simpler just to stop using MD5 for the logged fingerprint.
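
An added example (not part of the bug report and not pam-ssh-agent-auth's code) for checking whether a fingerprint logged in either the old MD5 or the new SHA256 format belongs to a given public key, the comparison described under [impact] and [test case]. The sample key is constructed, the function names are hypothetical, and Python 3.9+ is assumed for `usedforsecurity`.

```python
import base64
import hashlib
import re
import struct

# Constructed sample key (not a real key): an ssh-ed25519 blob holding bytes 0..31.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " constructed@example"

# Matches the log format shown in the report: "Found matching RSA key: <fingerprint>"
LOG_RE = re.compile(r"Found matching \S+ key: (\S+)")

def key_blob(pubkey_line):
    """Decode the key blob from an OpenSSH public key line ("type base64 comment")."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; check it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return blob

def sha256_fp(blob):
    """Fingerprint in the format OpenSSH prints by default: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def md5_fp(blob):
    """Legacy colon-separated hex fingerprint, or None if MD5 is unavailable."""
    try:
        # Fingerprinting for log comparison only, so mark it non-security use.
        digest = hashlib.md5(blob, usedforsecurity=False).digest()
    except ValueError:  # MD5 refused or missing, e.g. on some FIPS builds
        return None
    return ":".join(f"{b:02x}" for b in digest)

def log_matches_key(log_line, pubkey_line):
    """True if the fingerprint in a log line belongs to the given public key."""
    m = LOG_RE.search(log_line)
    if not m:
        return False
    blob = key_blob(pubkey_line)
    return m.group(1) in ({sha256_fp(blob), md5_fp(blob)} - {None})
```

Pass a line from `~/.ssh/id_rsa.pub` or `authorized_keys` as `pubkey_line` to check log entries written before and after the update against the same key.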
Changed in pam-ssh-agent-auth (Ubuntu Jammy): status: Fix Released → Fix Committed
Changed in pam-ssh-agent-auth (Ubuntu Jammy): status: Fix Committed → Fix Released
description: updated
@ubuntu-security team, as this only affects FIPS, could you take a look at this and determine if you should create a FIPS-specific version of this package?