From: Brahmanand Reddy
Date: Tue, 23 Apr 2019 06:46:15 +0530
Subject: POC and patch for the CVE-2018-15473
To: openssh@openssh.com, FreeBSD-security@freebsd.org

Dear experts,

Regarding CVE-2018-15473, I didn't find an official patch from OpenSSH on the FreeBSD OS base. I found the following relevant patch on the OpenBSD base and applied it on FreeBSD.

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Could you please confirm that this is the appropriate patch and share the POC of the same.

Thanks and regards,
Brahma

From: Dag-Erling Smørgrav
Date: Wed, 24 Apr 2019 12:24:00 +0200
Subject: Re: POC and patch for the CVE-2018-15473
To: Brahmanand Reddy
Cc: openssh@openssh.com, FreeBSD-security@freebsd.org

Brahmanand Reddy writes:
> regarding the CVE-2018-15473 didn't find official patch from the openssh
> on freebsd OS base.

CVE-2018-15473 is a user existence oracle bug which does not meet our criteria for security advisories.

FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH 7.5, which is not.

DES
--
Dag-Erling Smørgrav - des@FreeBSD.org

From: Brahmanand Reddy
Date: Wed, 24 Apr 2019 16:57:37 +0530
Subject: Re: POC and patch for the CVE-2018-15473
To: Dag-Erling Smørgrav
Cc: openssh@openssh.com, FreeBSD-security@freebsd.org

Thank you!

CVE-2018-15473 is a "user existence oracle bug which does not meet our criteria for security advisories".

You mean this vulnerability will impact/affect only the Oracle base? Kindly confirm.

On Wed, Apr 24, 2019 at 3:54 PM Dag-Erling Smørgrav wrote:

> Brahmanand Reddy writes:
> > regarding the CVE-2018-15473 didn't find official patch from the
> openssh
> > on freebsd OS base.
>
> CVE-2018-15473 is a user existence oracle bug which does not meet our
> criteria for security advisories.
>
> FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH
> 7.5, which is not.
>
> DES
> --
> Dag-Erling Smørgrav - des@FreeBSD.org

From: "Cameron, Frank J"
Date: Wed, 24 Apr 2019 09:20:20 -0400
Subject: Re: POC and patch for the CVE-2018-15473
To: Brahmanand Reddy
Cc: FreeBSD-security@freebsd.org, openssh@openssh.com

Brahmanand Reddy wrote:
> CVE-2018-15473 is a "user existence oracle bug which does not meet our
> criteria for security advisories".
>
> You mean this vulnerability which will impact/affects only for Oracle
> base? kindly confirm.

"Oracle" in the ancient Greek sense of a person through whom a deity speaks and/or reveals hidden knowledge[1].

Quoting Damien Miller[2]:
"I and the other OpenSSH developers don't consider this class of bug a significant vulnerability... this isn't "user enumeration" because it doesn't yield the ability to enumerate or list accounts. It's an oracle; allowing an attacker to make brute-force guesses of account names and verify whether they exist on the target system."

[1] https://www.merriam-webster.com/dictionary/oracle
[2] https://www.openwall.com/lists/oss-security/2018/08/24/1

From: Dag-Erling Smørgrav
Date: Thu, 25 Apr 2019 11:46:34 +0200
Subject: Re: POC and patch for the CVE-2018-15473
To: Brahmanand Reddy
Cc: openssh@openssh.com, FreeBSD-security@freebsd.org

Brahmanand Reddy writes:
> CVE-2018-15473 is a "user existence oracle bug which does not meet our
> criteria for security advisories".
>
> You mean this vulnerability which will impact/affects only for Oracle
> base? . kindly confirm.

An oracle vulnerability is a type of information disclosure bug which does not directly expose information but can be used to confirm guesses. In this case, the bug allows you to confirm the existence of an account by attempting to log into it with a random password. It does not actually give you a list of existing accounts, as “account enumeration” would suggest.

DES
--
Dag-Erling Smørgrav - des@FreeBSD.org
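
The distinction drawn in this thread, as an added example that is not part of any message above and is not OpenSSH code: a toy login check that acts as a user-existence oracle, beside a variant that gives the same reply and does the same work for unknown names. The account store, function names and reply strings are all constructed for illustration, and the model does not reproduce the mechanism of the sshd bug itself.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; the iteration count is kept low for the example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def _make_account(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account store (hypothetical users): name -> (salt, hash).
ACCOUNTS = {
    "alice": _make_account("correct horse"),
    "bob": _make_account("battery staple"),
}

# Placeholder record so an unknown name costs the same hash computation
# as a real one and cannot be told apart by timing.
_DUMMY = _make_account("unused placeholder")


def login_leaky(user: str, password: str) -> str:
    """Replies differently for unknown accounts: this is the oracle."""
    if user not in ACCOUNTS:
        return "no such user"
    salt, stored = ACCOUNTS[user]
    if hmac.compare_digest(_hash(password, salt), stored):
        return "ok"
    return "wrong password"


def login_uniform(user: str, password: str) -> str:
    """Same work and same reply whether or not the account exists."""
    salt, stored = ACCOUNTS.get(user, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    if match and user in ACCOUNTS:
        return "ok"
    return "authentication failed"


def distinguishable(login, known_user: str, unknown_user: str) -> bool:
    """True if a failed login reveals whether the account exists."""
    wrong = os.urandom(8).hex()  # random password, certain to be rejected
    return login(known_user, wrong) != login(unknown_user, wrong)


if __name__ == "__main__":
    print("leaky check distinguishable:  ", distinguishable(login_leaky, "alice", "mallory"))
    print("uniform check distinguishable:", distinguishable(login_uniform, "alice", "mallory"))
```

Neither variant ever returns the contents of the account store, which is the difference between an oracle and enumeration: the leaky check only confirms or rejects a name the caller already supplied.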