Re: Fix for CVE-2015-5600 can erroneously prevent logging in sometimes

On Mon, 17 Aug 2015, Ethan Rahn wrote:

> Hello,
> 
> When testing a fix for CVE-2015-5600 based on the Ubuntu patch in
> openssh-5.9 (
> https://launchpadlibrarian.net/214490716/openssh_1%3A5.9p1-5ubuntu1.4_1%3A5.9p1-5ubuntu1.6.diff.gz
> ), I noticed that there was an issue with getting permission denied when
> trying to log in lots of times with what should be valid credentials.
> 
> The symptom was when logging in with the command and sshd_config below I
> would get permission denied sometimes and permission granted other times.
> Upon investigating the reason for permission being denied was sshd
> erroneously thinking "pam" had already been used as a login method on the
> first attempt to use it. This appeared to be related to the kbdinit_alloc
> function in auth2_chall.c not initializing devices_done. Once I made the
> following patch the issue went away:
> 
> @@ -130,6 +131,7 @@ kbdint_alloc(const char *devs)
>         kbdintctxt->ctxt = NULL;
>         kbdintctxt->device = NULL;
>         kbdintctxt->nreq = 0;
> +       kbdintctxt->devices_done = 0;
> 
>         return kbdintctxt;
>  }
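
Review bot: the added devices_done = 0 line at the end of kbdint_alloc covers this one member, but the function still initializes the structure member by member (ctxt, device, nreq, and now devices_done), so any member added later can be missed in the same way. Consider zeroing the whole structure where it is allocated and keeping only the assignments that need a non-zero value; the allocation call is outside the visible context, so check how kbdintctxt is obtained before relying on it being zeroed.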

Your patch is needed for openssh <= 6.3. Newer versions have used calloc
to allocate kbdintctxt. Whoever backported the patch for 7.0 should have
checked to begin with.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
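
The failure mode discussed in this thread, as an added example that is not code from OpenSSH or from either poster: a context whose members are set one by one after allocation keeps stale heap contents in the member that was missed, while a zeroed allocation does not. The struct layout, the function names and the 0xFF fill that stands in for recycled heap memory are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of the keyboard-interactive context (hypothetical layout). */
struct kbd_ctx {
    void *ctxt, *device;
    unsigned int nreq;
    unsigned int devices_done;  /* bit i set => device i was already tried */
};

/* Stand-in for malloc() returning recycled memory (constructed 0xFF fill). */
static void *dirty_malloc(size_t n)
{
    void *p = malloc(n);
    return p ? memset(p, 0xFF, n) : NULL;
}

/* Member-by-member initialisation that misses devices_done. */
struct kbd_ctx *ctx_alloc_fieldwise(void)
{
    struct kbd_ctx *c = dirty_malloc(sizeof(*c));
    if (c == NULL)
        return NULL;
    c->ctxt = NULL;
    c->device = NULL;
    c->nreq = 0;                /* devices_done is never assigned */
    return c;
}

/* Zeroed allocation: every member, including ones added later, starts at 0. */
struct kbd_ctx *ctx_alloc_zeroed(void)
{
    return calloc(1, sizeof(struct kbd_ctx));
}

/* Returns 1 if device idx may still be offered, 0 if it is marked as used. */
int device_available(const struct kbd_ctx *c, unsigned int idx)
{
    return (c->devices_done & (1u << idx)) == 0;
}

int main(void)
{
    struct kbd_ctx *a = ctx_alloc_fieldwise(), *b = ctx_alloc_zeroed();
    if (a != NULL && b != NULL)
        printf("fieldwise=%d zeroed=%d\n", device_available(a, 0), device_available(b, 0));
    free(a); free(b);
    return 0;
}
```

With real malloc() the stale value varies from one allocation to the next, which matches the intermittent denials reported in the thread.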


