Uninitialized struct field in the fix for CVE-2015-5600 causes random auth failures
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssh (Ubuntu) | | Undecided | Marc Deslauriers |
Precise | | Undecided | Marc Deslauriers |
Trusty | | Undecided | Marc Deslauriers |
Vivid | | Undecided | Marc Deslauriers |
Wily | | Undecided | Marc Deslauriers |
Bug Description
In Ubuntu 12.04, the fix for CVE-2015-5600[1] just hit upstream in package openssh-
Reproducing:
Install openssh-
Add an authentication mechanism that uses the keyboard-
Attempt to log in via the above mechanism. Instead of consistently prompting the user for input, it will sometimes fall straight through to password auth because the devices_done bit field is initialized with garbage data.
Downgrading to openssh-
[1]: http://
Benn Sundsrud (benn-sundsrud) wrote : | #1 |
Changed in openssh (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssh (Ubuntu Precise):
status: New → Confirmed
Changed in openssh (Ubuntu Trusty):
status: New → Confirmed
Changed in openssh (Ubuntu Vivid):
status: New → Confirmed
Changed in openssh (Ubuntu Wily):
status: New → Confirmed
Marc Deslauriers (mdeslaur) wrote : | #3 |
I have uploaded updated packages to fix this issue to the following PPA:
https:/
Please test and see if they fix the issue in your environment. If they do, and they pass QA, I will publish them as security updates tomorrow.
Thanks.
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package openssh - 1:6.7p1-6ubuntu2
---------------
openssh (1:6.7p1-6ubuntu2) wily; urgency=medium
* SECURITY REGRESSION: random auth failures because of uninitialized
struct field (LP: #1485719)
- debian/
auth2-
-- Marc Deslauriers <email address hidden> Mon, 17 Aug 2015 22:13:25 -0400
Changed in openssh (Ubuntu Wily):
status: Confirmed → Fix Released
Benn Sundsrud (benn-sundsrud) wrote : | #5 |
That package works on my test box. Thanks Marc!
Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package openssh - 1:5.9p1-5ubuntu1.7
---------------
openssh (1:5.9p1-
* SECURITY REGRESSION: random auth failures because of uninitialized
struct field (LP: #1485719)
- debian/
-- Marc Deslauriers <email address hidden> Mon, 17 Aug 2015 21:53:19 -0400
Changed in openssh (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package openssh - 1:6.6p1-2ubuntu2.3
---------------
openssh (1:6.6p1-
* SECURITY REGRESSION: random auth failures because of uninitialized
struct field (LP: #1485719)
- debian/
-- Marc Deslauriers <email address hidden> Mon, 17 Aug 2015 21:52:52 -0400
Changed in openssh (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package openssh - 1:6.7p1-5ubuntu1.3
---------------
openssh (1:6.7p1-
* SECURITY REGRESSION: random auth failures because of uninitialized
struct field (LP: #1485719)
- debian/
-- Marc Deslauriers <email address hidden> Mon, 17 Aug 2015 21:49:49 -0400
Changed in openssh (Ubuntu Vivid):
status: Confirmed → Fix Released
Colin Watson (cjwatson) wrote : | #9 |
This patch is unnecessary with OpenSSH 6.5p1 and newer, because kbdint_alloc now uses xcalloc rather than xmalloc and thus zeroes the entire structure. The regression fix was thus only needed for precise and not for later releases; I'll drop it from wily shortly when resyncing with unstable, in the cause of keeping a smaller delta against upstream.
The attachment "CVE-2015-5600_initialize_struct.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]
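The failure mode from the bug description and comment #9, as an added example that is not OpenSSH's code or the patch attached to this bug. It is a simplified model: `struct kbd_ctx`, the `ctx_*` functions and the device names are hypothetical, and a `memset` with a chosen byte stands in for stale heap contents so that the outcome is reproducible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption), not OpenSSH's own structure or code. */
struct kbd_ctx {
    const char *const *devices;   /* NULL-terminated device names */
    unsigned int devices_done;    /* bit i set: device i already tried */
};

/* Constructed sample device list. */
static const char *const sample_devices[] = { "dev0", "dev1", NULL };

/* Regressed pattern: new field never assigned; `stale` models leftover heap bytes. */
struct kbd_ctx *ctx_alloc_regressed(unsigned char stale) {
    struct kbd_ctx *c = malloc(sizeof(*c));
    if (c == NULL) abort();
    memset(c, stale, sizeof(*c));      /* deterministic stand-in for garbage */
    c->devices = sample_devices;       /* devices_done is left as it was */
    return c;
}

/* Zeroing allocation (the xcalloc approach): every field starts at 0. */
struct kbd_ctx *ctx_alloc_zeroed(void) {
    struct kbd_ctx *c = calloc(1, sizeof(*c));
    if (c == NULL) abort();
    c->devices = sample_devices;
    return c;
}

/* Next untried device (marked done); NULL means none left, caller moves on. */
const char *ctx_next_device(struct kbd_ctx *c) {
    for (unsigned int i = 0; c->devices[i] != NULL; i++) {
        if (c->devices_done & (1u << i)) continue;
        c->devices_done |= 1u << i;
        return c->devices[i];
    }
    return NULL;
}

int main(void) {
    const unsigned char stale[] = { 0x00, 0xA5, 0xFF };
    for (size_t i = 0; i < sizeof(stale); i++) {
        struct kbd_ctx *c = ctx_alloc_regressed(stale[i]);
        const char *d = ctx_next_device(c);
        printf("stale=0x%02X -> %s\n", stale[i], d ? d : "(none)");
        free(c);
    }
}
```

The same allocation path yields the first device, a later device, or none at all depending only on the stale byte, which is why the regression showed up as intermittent rather than consistent failures.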