From: Brahmanand Reddy
Date: Tue, 23 Apr 2019 06:46:15 +0530
Subject: POC and patch for the CVE-2018-15473
To: openssh@openssh.com, FreeBSD-security@freebsd.org

Dear experts,

Regarding CVE-2018-15473, I didn't find an official patch from OpenSSH in the FreeBSD OS base. I found the following relevant patch, based on OpenBSD, and applied it on FreeBSD.

https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Could you please confirm that this is the appropriate patch and share the POC of the same?

Thanks and regards,
Brahma