Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <52E877AF.9030205@redhat.com>
Date: Tue, 28 Jan 2014 20:38:23 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: Open Source Security <oss-security@...ts.openwall.com>,
        Assign a CVE Identifier <cve-assign@...re.org>
Subject: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c

Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed Jan 29 00:21:41 2014 UTC (3 hours, 14 minutes ago) by djm
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.9: preferred, coloured
Changes since revision 1.9: +4 -1 lines
In the experimental, never-enabled JPAKE code: clear returned digest and
length in hash_buffer() for error cases; could lead to memory corruption
later if EVP_Digest* fails.  Pointed out by Mark Dowd

As I understand it this can be enabled via code edit/gcc command line
options, so not sure if this qualified for a CVE or not (vuln in code,
yes, is code reachable? not under any default setup, and even on
non-default you have to go pretty far off to enable it).

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJS6HevAAoJEBYNRVNeJnmTFcgP/3oYP20fflvJfWw4prATaws3
zZT3MFjmzEy6DJFrAsW9VXNYfUsTKxyf+vI4f1njKUUi7MdYb6HTIbeI/9zu8fP3
zqf3KDLKYZJsO/mC5zm/r+2lduFXNMg8zFkxNci3mNFSwkH0yr4YCaoTlNZlQITY
2dIZDnS0s+vfumd5Epv1+PRGhGxTOfJQIqSw/Li1YAVcIBPgOthN6Wpo2kiwLuJR
/AOkSNDOHTq8//xkQLsnaeOxQMqzo+s/NU5oNX7Me9QWmjnKDipEcUVYcbZ9SyhZ
DcXrxpm9J+iyWCuMgZX8LokscRhmJVi5sJWA4U9xVy/hi0zZYzIQrCXbhEfDM+g3
sKZWUvWrsoMC5mUhqwQyMGRP0o/qTtBN3qz1gNY0jy0zd0Bzi8Fi7++MGyN7H5pv
ymLrpiQvKGC3Pu7SPBPcYDi1jdK+VZ9ztFUTxTvkzn0+LjGxf7+GZuPfrn0CH2em
CeCi4o/CiFI4fKr0cMu10uwBfmGxKKSG+eWjSYySVkvO0xLs9I91Ksby69jTGjAp
6Ln8XtQgSRDJ6hKba6Wox5RxDiuNhitlUD2mcm+5s1SuV+EQzegaX6CTbaO8Zgy5
W7QwDU2M1RcY7VTTDrAg2Grscint106UZmZiiOLsT2R3/cbv7EOISgXTybEdPT3g
bClWQdKuzSxlPrjIp7AT
=dkva
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.