weak preferred kex in 16.04 LTS

Bug #1728607 reported by Fabien Tassin on 2017-10-30
This bug affects 1 person
Affects: paramiko (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

Paramiko 1.* uses diffie-hellman-group1-sha1 as its most preferred kex, but this kex is now considered weak. OpenSSH 7 dropped it from its defaults in 2015. Some devices start to complain or even to reject connections because of that (I'm experiencing it with routers and firewalls).

This has been fixed upstream in paramiko 2.3.1:
https://github.com/paramiko/paramiko/commit/c1233679c448b445ec991710d259eec0a9f64b61

It would be nice to land that in the latest LTS, probably as a security update.
It shouldn't have any impact, as long as diffie-hellman-group1-sha1 remains in this list.

(maybe https://github.com/paramiko/paramiko/commit/b395444062e82953d417a4da9157667c2e05d758 should be considered too)

Thoughts?

Fabien Tassin (fta) wrote :

..maybe it's worth mentioning that there is no way to change this preferred kex list from the outside (in a client app) before it's being used. Hence the requirement for the patch.

Leonidas S. Barbosa (leosilvab) wrote :

Hi Fabien,

Can we make this public?

Fabien Tassin (fta) wrote :

sure, done

information type: Private Security → Public

Fabien Tassin (fta) wrote :

any follow-up? anyone? I can probably prepare a debdiff but I can no longer sign it, my packager gpg key expired a long time ago.

Fabien Tassin (fta) wrote :

The attachment "debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch

Fabien Tassin (fta) wrote :

Could someone please have a look at this debdiff and maybe sponsor it? Thanks

Mathew Hodson (mhodson) on 2018-03-05
information type: Public → Public Security
Changed in paramiko (Ubuntu):
importance: Undecided → Medium

Seth Arnold (seth-arnold) wrote :

I'm not sure if this should be an SRU or a security sponsored update; it feels like a good idea either way, though.

Thanks

Steve Beattie (sbeattie) wrote :

Hi Fabien,

I'm okay with these re-orderings, except for the change to prefer ecdsa-sha2-nistp256 over ssh-rsa (and ssh-dss). openssh in 16.04 and 18.04 prefers the ssh-* algorithms over the ecdsa-sha2-nistp* algorithms (as reported by 'ssh -Q key').

Thanks.

Steve Beattie (sbeattie) wrote :

I've now pushed packages to the https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages for xenial and artful that include the changes mentioned along with a fix for CVE-2018-7750. Any feedback on these would be appreciated.

Thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package paramiko - 2.0.0-1ubuntu0.1

---------------
paramiko (2.0.0-1ubuntu0.1) artful-security; urgency=medium

  [Steve Beattie]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch:
      add testcases plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1 (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1 but
    makes it the least preferred kex for backward compatibility

 -- Steve Beattie <email address hidden> Fri, 16 Mar 2018 15:44:26 -0700

Changed in paramiko (Ubuntu):
status: New → Fix Released

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package paramiko - 1.16.0-1ubuntu0.1

---------------
paramiko (1.16.0-1ubuntu0.1) xenial-security; urgency=medium

  [Steve Beattie]
  * SECURITY UPDATE: customized clients can skip auth
    - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not
      authenticated and message type is a service request
    - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch,
      0003-Initial-tests-proving-CVE-2018-7750-1175.patch:
      add testcases plus prereq
    - CVE-2018-7750

  [ Fabien Tassin ]
  * SECURITY UPDATE: weak diffie-hellman-group1-sha1 kex always preferred (LP: #1728607)
    - 0010-git-c1233679c44-change-order-of-preferred-kex-and-hmac-algorithms.patch
    - 0011-git-b395444062e-Reorder-cipher-and-key-preferences-to-make-more-sense.patch
    Backport of the upstream changes from 2.3.1, matching the OpenSSH 7
    deprecation of diffie-hellman-group1-sha1 (http://www.openssh.com/legacy.html).
    This patch doesn't remove the support of diffie-hellman-group1-sha1 but
    makes it the least preferred kex for backward compatibility

 -- Steve Beattie <email address hidden> Thu, 15 Mar 2018 14:23:22 -0700

Changed in paramiko (Ubuntu):
status: New → Fix Released
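
The effect of the reordering described in the changelog above, as an added example that is not part of the bug report or of paramiko's code: under the SSH negotiation rule the first kex on the client's list that the server also supports is used, so a client that ranks diffie-hellman-group1-sha1 first gets it whenever the server still offers it. The preference lists, the server lists and the truncated KEXINIT payload are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
WEAK_KEX = "diffie-hellman-group1-sha1"  # the kex this report is about

def sample_kexinit(kex):
    """Constructed sample: KEXINIT payload cut off after its first name-list."""
    body = ",".join(kex).encode("ascii")
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + struct.pack(">I", len(body)) + body

def kex_names(payload):
    """Return kex_algorithms, the first name-list of a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # after type + 16-byte cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate(client, server):
    """Simplified RFC 4253 rule: first client entry the server also lists."""
    return next((name for name in client if name in server), None)

def audit(client_payload, server):
    """Report which kex would be negotiated and whether the weak one was avoidable."""
    client = kex_names(client_payload)
    chosen = negotiate(client, server)
    weak = chosen == WEAK_KEX
    # "avoidable": the weak kex won although a stronger common one existed
    avoidable = weak and any(k != WEAK_KEX and k in server for k in client)
    return {"chosen": chosen, "weak": weak, "avoidable": avoidable}

# Constructed preference lists (illustrative, not copied from paramiko's source)
GROUP1_FIRST = [WEAK_KEX, "diffie-hellman-group14-sha1",
                "diffie-hellman-group-exchange-sha256"]
GROUP1_LAST = ["diffie-hellman-group-exchange-sha256",
               "diffie-hellman-group14-sha1", WEAK_KEX]
SERVER_BROAD = ["diffie-hellman-group-exchange-sha256",
                "diffie-hellman-group14-sha1", WEAK_KEX]
SERVER_LEGACY = [WEAK_KEX]  # a device that only speaks group1

if __name__ == "__main__":
    for label, order in (("group1 first", GROUP1_FIRST), ("group1 last", GROUP1_LAST)):
        for srv_label, srv in (("broad", SERVER_BROAD), ("legacy", SERVER_LEGACY)):
            print(label, "/", srv_label, "->", audit(sample_kexinit(order), srv))
```

With group1 ranked last, the weak kex is negotiated only against the legacy server, which is the backward-compatibility case the changelog keeps.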