Message-ID: <email address hidden>
Date: Sat, 27 Nov 2004 17:26:50 +0000
From: Colin Watson <email address hidden>
To: Darren Tucker <email address hidden>
Cc: Joey Hess <email address hidden>, <email address hidden>
Subject: Re: Bug#281595: timing attack allows attacker to determine valid usernames

--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Nov 20, 2004 at 01:51:55PM +1100, Darren Tucker wrote:
> No, it's not fixed in 3.9p1.
>
> The problem is not exactly the same, though. In this case, it's partly
> because the keyboard-interactive code doesn't call the kbdint driver at
> all in this case. The first attached patch ought to fix that.
>
> With that fixed, a change to the PAM code is required because it will
> complete for a real user with their real password if, eg they are listed
> in DenyUsers. This will result in the PAM code getting out of sync with
> the kbdint code, resulting in the authentication hanging. The second
> patch ought to fix that.
>
> I haven't done much testing of either patch, so please let me know how
> they go.

Thanks for this. I've backported these to 3.8.1p1, which didn't have PAM
PasswordAuthentication; the patch is attached. It seems to work for me.
After a bit more testing I'll upload this to unstable.
Cheers,
--
Colin Watson [<email address hidden>]
--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="openssh-kbdint-authfix.patch"
Index: auth-pam.c ======= ======= ======= ======= ======= ======= ======= ======= ==== cvs/openssh/ openssh/ auth-pam. c,v cred_establishe d = 0; account_ status = -1; 177INCORRECT" ;
=======
RCS file: /home/cjwatson/
retrieving revision 1.10
diff -p -u -r1.10 auth-pam.c
--- auth-pam.c 10 Jul 2004 12:36:49 -0000 1.10
+++ auth-pam.c 27 Nov 2004 17:25:56 -0000
@@ -169,6 +169,7 @@ static int sshpam_
static int sshpam_
static char **sshpam_env = NULL;
static Authctxt *sshpam_authctxt = NULL;
+static char badpw[] = "\b\n\r\
/* Some PAM implementations don't implement this */ init(&buffer) ; put_cstring( &buffer, *resp); authctxt- >valid) put_cstring( &buffer, *resp); put_cstring( &buffer, badpw); send(ctxt- >pam_psock, PAM_AUTHTOK, &buffer) == -1) { free(&buffer) ; ======= ======= ======= ======= ======= ======= ======= ======= ==== cvs/openssh/ openssh/ auth2-chall. c,v info_response( int type, u check_eom( );
#ifndef HAVE_PAM_GETENVLIST
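Review bot: the new sentinel (`+static char badpw[] = "\b\n\r\` ... `177INCORRECT";`) is added with no comment saying what it is for; a one-line note that it is a password no real account can have, substituted for the client's response whenever the login is invalid so the PAM conversation still runs to completion and then fails, would stop a later reader taking it for a test fixture or "tidying" away the leading control characters and DEL, which are exactly what make it unusable as a real password.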
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, cha
return (-1);
}
buffer_
- buffer_
+ if (sshpam_
+ buffer_
+ else
+ buffer_
if (ssh_msg_
buffer_
return (-1);
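Review bot: the new `if (sshpam_...authctxt->valid)` test dereferences sshpam_authctxt, which the first hunk shows initialised to NULL (`static Authctxt *sshpam_authctxt = NULL;`), so sshpam_respond() now depends on it having been set earlier in the kbdint exchange; if that ordering is guaranteed, a comment naming where it is set (or a fatal() on NULL) would make the assumption explicit. The `else` branch that puts badpw instead of `*resp` is the important behavioural change: an invalid login's real response never reaches the PAM thread, so PAM can no longer "complete for a real user with their real password" in the DenyUsers case described in the mail and fall out of step with the kbdint side.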
Index: auth2-chall.c
=======
RCS file: /home/cjwatson/
retrieving revision 1.1.1.3
diff -p -u -r1.1.1.3 auth2-chall.c
--- auth2-chall.c 17 Sep 2003 00:31:55 -0000 1.1.1.3
+++ auth2-chall.c 27 Nov 2004 17:25:57 -0000
@@ -275,12 +275,9 @@ input_userauth_
}
packet_
- if (authctxt->valid) { >device- >respond( kbdintctxt- >ctxt, >device- >respond( kbdintctxt- >ctxt, nresp, response);
- res = kbdintctxt-
- nresp, response);
- } else {
- res = -1;
- }
+ res = kbdintctxt-
+ if (!authctxt->valid)
+ res = 1; /* keep going if login invalid */
for (i = 0; i < nresp; i++) { response[ i], 'r', strlen( response[ i])); info_response( int type, u ======= ======= ======= ======= ======= ======= ======= ======= ==== cvs/openssh/ openssh/ debian/ changelog, v 1p1-8.sarge. 4) UNRELEASED; urgency=low interactive authentication (backported from a patch by 1p1-8.sarge. 3) unstable; urgency=low
memset(
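Review bot: `+ if (!authctxt->valid)` / `+ res = 1;` overrides whatever kbdintctxt->device->respond() returned, including -1, so a device error on an invalid login now continues the exchange where the removed code (`res = -1;`) failed it; confirm that swallowing errors here is intended, and say so in the comment rather than only "keep going if login invalid", or override just the 0/1 outcomes and let -1 through. Either way the device is now always called for an invalid login, which is the actual fix for #281595: the removed `if (authctxt->valid) { ... } else { res = -1; }` skipped it entirely and made an unknown name answer faster than a known one.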
@@ -292,7 +289,7 @@ input_userauth_
switch (res) {
case 0:
/* Success! */
- authenticated = 1;
+ authenticated = authctxt->valid ? 1 : 0;
break;
case 1:
/* Authentication needs further interaction */
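Review bot: `+ authenticated = authctxt->valid ? 1 : 0;` is a sound second line of defence, but the `/* Success! */` comment two lines above now describes only the valid-login case; reword it (for example "device accepted; grant only if the login itself was valid") so nobody later simplifies the line back to `authenticated = 1`. Since the previous hunk forces res = 1 for invalid logins, case 0 should be unreachable for them and this ternary only matters if that override is ever removed, which is a good reason to keep it.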
Index: debian/changelog
=======
RCS file: /home/cjwatson/
retrieving revision 1.108
diff -p -u -r1.108 changelog
--- debian/changelog 12 Nov 2004 11:17:20 -0000 1.108
+++ debian/changelog 27 Nov 2004 17:25:57 -0000
@@ -1,3 +1,11 @@
+openssh (1:3.8.
+
+ * Fix timing information leak allowing discovery of invalid usernames in
+ PAM keyboard-
+ Darren Tucker; closes: #281595).
+
+ -- Colin Watson <email address hidden> Sat, 27 Nov 2004 16:19:21 +0000
+
openssh (1:3.8.
* Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
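Review bot: the entry names only the timing information leak, but the auth-pam.c part of this upload also changes what PAM ever sees for an invalid login and removes the hang described in the mail (PAM and kbdint getting out of sync for a DenyUsers account); a second clause mentioning that would help anyone bisecting behaviour changes in the PAM conversation later.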
--SLDf9lqlvOQaIe6s--
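To make the mechanism in Darren's explanation and the attached patch concrete, here is an added example of my own, not code from OpenSSH and not part of the mail or its attachment. It models the two halves of the fix: always run the expensive back end even for an invalid login (feeding it a badpw-style sentinel instead of the client's real response), and grant access only when the login itself was valid. The account table, the `backend_check`/`login_valid`/`auth_leaky`/`auth_fixed`/`attempt_*` names and the counters are all invented for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSH code: a toy model of the two-part fix in the
 * attached patch. All names here are invented for illustration. */

/* Same idea as the patch's badpw: a "password" no real account can have,
 * handed to the back end whenever the login is invalid so the back end still
 * does its full (slow) work but can never succeed. */
static const char badpw[] = "\b\n\r\177INCORRECT";

/* Constructed account table; `allowed` false plays the role of DenyUsers. */
struct account {
    const char *name;
    const char *password;
    bool allowed;
};
static const struct account accounts[] = {
    { "alice", "correct horse", true  },
    { "bob",   "hunter2",       false },   /* real account, but in DenyUsers */
};
#define NACCOUNTS (sizeof accounts / sizeof accounts[0])

/* Side effects of the back end: how often it ran (what a remote attacker
 * perceives as response time) and which password it last saw. */
static int  backend_calls;
static char backend_last_pw[64];

/* Stand-in for the PAM conversation: the expensive step whose presence or
 * absence is what the timing attack in #281595 measures. */
static bool backend_check(const char *name, const char *pw)
{
    backend_calls++;
    snprintf(backend_last_pw, sizeof backend_last_pw, "%s", pw);
    for (size_t i = 0; i < NACCOUNTS; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return strcmp(accounts[i].password, pw) == 0;
    return false;
}

/* authctxt->valid in sshd terms: the name is an account allowed to log in. */
static bool login_valid(const char *name)
{
    for (size_t i = 0; i < NACCOUNTS; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return accounts[i].allowed;
    return false;
}

/* Before the patch: an invalid login never reaches the back end, so an
 * unknown name is answered measurably faster than a known one. */
bool auth_leaky(const char *name, const char *pw)
{
    if (!login_valid(name))
        return false;                   /* fast path: no back-end call */
    return backend_check(name, pw);
}

/* After the patch: (1) always run the back end, substituting badpw when the
 * login is invalid so its real password is never used and PAM cannot
 * "complete" for a DenyUsers account (auth-pam.c hunk); (2) grant only if the
 * login itself was valid, whatever the back end said (auth2-chall.c hunk). */
bool auth_fixed(const char *name, const char *pw)
{
    bool valid = login_valid(name);
    bool ok = backend_check(name, valid ? pw : badpw);
    return valid && ok;
}

typedef bool (*auth_fn)(const char *, const char *);

/* Run one attempt and report how many times the back end ran. */
int attempt_calls(auth_fn fn, const char *name, const char *pw)
{
    backend_calls = 0;
    backend_last_pw[0] = '\0';
    fn(name, pw);
    return backend_calls;
}

/* Run one attempt and report whether it was granted (1) or not (0). */
int attempt_granted(auth_fn fn, const char *name, const char *pw)
{
    backend_calls = 0;
    backend_last_pw[0] = '\0';
    return fn(name, pw) ? 1 : 0;
}

/* Did the back end last see the sentinel rather than the client's password? */
int backend_saw_badpw(void)
{
    return strcmp(backend_last_pw, badpw) == 0;
}

int main(void)
{
    printf("leaky: alice %d call(s), nobody %d call(s)\n",
           attempt_calls(auth_leaky, "alice", "x"), attempt_calls(auth_leaky, "nobody", "x"));
    printf("fixed: alice %d call(s), nobody %d call(s)\n",
           attempt_calls(auth_fixed, "alice", "x"), attempt_calls(auth_fixed, "nobody", "x"));
    printf("fixed: bob with real password granted=%d, back end saw badpw=%d\n",
           attempt_granted(auth_fixed, "bob", "hunter2"), backend_saw_badpw());
    return 0;
}
```

Running it shows the leaky ordering doing zero back-end calls for an unknown name but one for a known one, while the fixed ordering does one call in both cases; for `bob`, who exists but is denied, the back end is handed the sentinel rather than `hunter2`, so it fails on its own and the outer check denies regardless, which is the desync case Darren describes.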