NetBSD Problem Report #59085

From www@netbsd.org  Tue Feb 18 16:50:35 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 355D61A923D
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 18 Feb 2025 16:50:35 +0000 (UTC)
Message-Id: <20250218165033.EA0121A923E@mollari.NetBSD.org>
Date: Tue, 18 Feb 2025 16:50:33 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: openssh: VerifyHostKeyDNS is busted
X-Send-Pr-Version: www-1.0

>Number:         59085
>Category:       bin
>Synopsis:       openssh: VerifyHostKeyDNS is busted
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          needs-pullups
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 18 16:55:00 +0000 2025
>Closed-Date:    
>Last-Modified:  Tue Feb 18 18:41:36 +0000 2025
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, ...
>Organization:
The NetBSshDnssec Foundahole
>Environment:
>Description:
The VerifyHostKeyDNS option in OpenSSH is spectacularly broken: https://www.openwall.com/lists/oss-security/2025/02/18/1
>How-To-Repeat:
MITM
>Fix:
1. We should remove the clause to enable this for *.netbsd.org hosts in /etc/ssh/ssh_config -- it's not very useful and it's not worth the risks.
2. We should update OpenSSH to fix the bug.

>Release-Note:

>Audit-Trail:
From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org
Subject: Re: bin/59085: openssh: VerifyHostKeyDNS is busted
Date: Tue, 18 Feb 2025 12:56:26 -0500

 Fixed on HEAD.

 christos

State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Tue, 18 Feb 2025 18:41:36 +0000
State-Changed-Why:
Module Name:    src
Committed By:   christos
Date:           Tue Feb 18 17:53:25 UTC 2025

Modified Files:
        src/crypto/external/bsd/openssh/dist: gss-serv.c krl.c misc.c misc.h
            packet.c readconf.c servconf.c ssh-agent.c ssh-sk-client.c
            sshconnect2.c sshsig.c version.h
        src/crypto/external/bsd/openssh/lib: shlib_version ssh.expsym
        src/crypto/external/bsd/openssh/libexec: Makefile.inc

Log Message:
Bring in changes from OpenSSH-9.9p2:

Security
========

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

For OpenBSD, fixes to these problems are available as errata; refer
to https://www.openbsd.org/errata.html

Bugfixes
========

 * ssh(1), sshd(8): fix regression in Match directive that caused
   failures when predicates and their arguments were separated by '='
   characters instead of whitespace (bz3739).

 * sshd(8): fix the "Match invalid-user" predicate, which was matching
   incorrectly in the initial pass of config evaluation.

 * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
   exchange on big-endian systems.

 * Fix a number of build problems on particular operating systems /
   configurations.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/gss-serv.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/krl.c
cvs rdiff -u -r1.37 -r1.38 src/crypto/external/bsd/openssh/dist/misc.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/misc.h
cvs rdiff -u -r1.52 -r1.53 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.47 -r1.48 src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.48 -r1.49 src/crypto/external/bsd/openssh/dist/servconf.c \
    src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.39 -r1.40 src/crypto/external/bsd/openssh/dist/ssh-agent.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c
cvs rdiff -u -r1.49 -r1.50 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/sshsig.c
cvs rdiff -u -r1.38 -r1.39 src/crypto/external/bsd/openssh/lib/shlib_version
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/lib/ssh.expsym
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/libexec/Makefile.inc
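
Added example (not part of this PR, nor NetBSD's or OpenSSH's own code): a POSIX sh/awk check for item 1 of the Fix field, listing every Host/Match block in an ssh_config-style file that leaves VerifyHostKeyDNS enabled. The names scan_vhkdns and sample_config and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Report each place a client config enables VerifyHostKeyDNS, together with
# the Host/Match block it sits in, so the clause can be reviewed or removed.
scan_vhkdns() {
    awk '
    FNR == 1 { block = "(global)" }           # each file starts outside any block
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # strip leading whitespace
        sub(/[ \t]+$/, "", line)              # strip trailing whitespace
        if (line == "" || line ~ /^#/) next   # skip blank lines and comments
        if (!match(line, /^[A-Za-z0-9]+/)) next
        key = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)       # separator: whitespace and/or one "="
        if (key == "host" || key == "match") { block = line; next }
        if (key != "verifyhostkeydns") next
        gsub(/"/, "", val)                    # arguments may be quoted
        val = tolower(val)
        # Conservative: anything that is not an explicit "off" is reported.
        if (val != "no" && val != "false")
            printf "%s:%d: [%s] VerifyHostKeyDNS %s\n", FILENAME, FNR, block, val
    }' "$@"
}

# Constructed sample input (not NetBSD's shipped /etc/ssh/ssh_config).
sample_config() {
    cat <<'EOF'
# constructed sample
Host *.example.org
    VerifyHostKeyDNS ask
Host legacy
    verifyhostkeydns=yes
Host safe
    VerifyHostKeyDNS no
EOF
}

# Stand-alone use: scan the files named on the command line.
if [ "$#" -gt 0 ]; then
    scan_vhkdns "$@"
fi
```

Run it as scan_vhkdns /etc/ssh/ssh_config ~/.ssh/config; ssh -G <host> prints the value that actually applies to one host after Host and Match evaluation.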


>Unformatted:
