From nobody Tue Dec 19 21:33:59 2023 X-Original-To: freebsd-security-notifications@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Svqh80qpkz5509b for ; Tue, 19 Dec 2023 21:34:00 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Svqh76SkMz3Lvx; Tue, 19 Dec 2023 21:33:59 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1703021639; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=lDSqMFce4RNbcVljKn9SBDhrdpnIZFgfQ8hB/J13wZ4=; b=mFNZ4F0XVVT3C10jC7xq22Xh59JHzS3Ow3XjyB1U6TF+MZLePuiLMmLLi62KlzTGcSUiKP G1K8tkpXsQ0fJBfBclFxG+5PFfSDZunyCtYueqM5nvYjZaHpkfbl/XiHOXZnfIxpImap+7 VBseFaGZWu/cx/mmqTqMwCt2Pj6nkY9FTSQU+TABMlpeN1AeOu7NhNq0ivA4zVnlDgbK7R 4oSFcNKYa4BJ5iQOamXYpmt2TuADtEj+8Fb+kIxXqslCsHt5eXSh3pRiLA/CYbzJxf2nKc aEL60ucQvTKq4iG15f3wYPc/h9J0ESpV6ITZ0KH2nh21eTnZmldgRcd2w5ATiQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1703021639; a=rsa-sha256; cv=none; b=gXtwyGzRYV6wfXMrqLiXuhvKLg6SpvA2Qjn9zqsvt5rETQ2hmREys7qT8nwGeGLzdJw/ig H/ekSRMCRtzyK9Z9RXCuiSJCj3xCIEQSOjwTWS1ErVMsiq2zVPGuZwQunjsr4/DeV7jHrg 8NtvF/Jesj0n8vbrGsPJ9BI4dhZbDS7zug2QFslwDj7yKOJJAWSFIcZUsx5VAkgIkTeZIu 7098kyHOEZnWvj3NFJ55II2VNHnuMtuvToJ/B2RBkEUM73R9DAb7U4Fb9L0mVP75ECcybC 1IevD0/wj3M8i12IujJEjK5Hw7hLrOnj0aVBT1SftU+Vfvz3HRG62CE3y2lxOA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1703021639; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=lDSqMFce4RNbcVljKn9SBDhrdpnIZFgfQ8hB/J13wZ4=; b=cnWJtdeIEaR52hCBJ4zr4C+YqFPcxyEKAnVwafzPD7nN0fMDWSP5jRTP7x38bY9Y9rLErA U2icCk2Juq1Ff4IkLYeelIFkWiJF0swe7rP0T1+bgV0Tm053ie2zB1mSHPM9uuCoD6Reyx bEXvUYK6S+xjy4m4GChx68kY54tTHe6rMEqz7iQd6kRmVrBUyBoT7fBLaebeTibKGclZnP 3CYkheUbVkRbOXMCuBGAw+H0PqS3pzVE4RAMXVG7+YEpShG5rurxUpcM5nJ56yqzAXDZj4 hZdUuz/4RBiOn/2ZdPkS8h+R9EimX/VmppYVCxu2LXaec2hYRZoQAX1ZgOPaaQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 7DF53BF79; Tue, 19 Dec 2023 21:33:59 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:19.openssh Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20231219213359.7DF53BF79@freefall.freebsd.org> Date: Tue, 19 Dec 2023 21:33:59 +0000 (UTC) List-Id: Moderated Security Notifications [moderated, low volume] List-Archive: https://lists.freebsd.org/archives/freebsd-security-notifications List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security-notifications@freebsd.org X-BeenThere: freebsd-security-notifications@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:19.openssh Security Advisory The FreeBSD Project Topic: Prefix Truncation Attack in the SSH protocol Category: contrib Module: openssh Announced: 2023-12-19 Credits: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk Affects: All supported versions of FreeBSD. Corrected: 2023-12-18 16:54:31 UTC (stable/14, 14.0-STABLE) 2023-12-19 20:19:48 UTC (releng/14.0, 14.0-RELEASE-p4) 2023-12-18 17:10:15 UTC (stable/13, 13.2-STABLE) 2023-12-19 20:19:57 UTC (releng/13.2, 13.2-RELEASE-p9) CVE Name: CVE-2023-48795 Note: While this issue does affect 12.4-STABLE and 12.4-RELEASE, the version of OpenSSH in 12.4 is old enough the vendor provided patch does not cleanly apply. As 12.4 goes out of support at the end of December and in order to quickly get fixes out for 14.0 and 13.2, the FreeBSD Security Team is issuing this advisory now while feasibility of a 12.4 backport is investigated. Users with 12.4 are encouraged to either implement the documented workaround or leverage an up to date version of OpenSSH from the ports/pkg collection. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. II. Problem Description The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers. III. Impact A man in the middle attacker can silently manipulate handshake messages to truncate extension negotiation messages potentially leading to less secure client authentication algorithms or deactivating keystroke timing attack countermeasures. IV. Workaround Add the following lines to /etc/ssh_config and /etc/sshd_config: Ciphers -chacha20-poly1305@openssh.com MACs -*etm@openssh.com V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platfrom on FreeBSD 13 and earlier, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 673d1ead65c9 stable/14-n266020 releng/14.0/ b9856d61e99d releng/14.0-n265399 stable/13/ 3bafcb9744c9 stable/13-n256910 releng/13.2/ 69bd68ba30c0 releng/13.2-n254651 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmWB/ZIACgkQbljekB8A Gu8exRAA5OqnHpTSa3cPpnfBJNyJsWqD1bry8M8fxt6OpD3b8l/pVnH6HMaUSdQ/ K4SebhwVJgq4sIfTILWey5X3EKOsp2CpRZb6K+h7iKtrGdDVbXWQj7Dbi5/cCTy6 hdCSWqFwGJq/FpX15osAa2eEhv9DizE6jmYJ6YwnAfqLvvDSCVbtjeWs6wBJHeH3 q5jlvdiAT64fhWBpC51MeLShLDG95hJEHAfloVaN0asAs0jYj73XFzcoPv+1Cf8J qURC5d6KlGYTyaF2ltiQTtssB8I+vhb+GQOyk01t4oyUPnU3myTiooW873xE0321 as1UeXmzTjuaD/V/5QFawIWbnKOKoVP745llvDyJsF0dLf2Se45vndRH3fP7CdVK SPy3/u1ohkwNlm11RmeKSm2LbCa4RUwGZ3CqnEQ+dgYa6HBTATP68rWsaL4kIR/b N30AGeW8xMbhTSFsHYNn3rQ+2RnHCzlSN7eKGfdd9yBVwsRls0ckVVgldmyR26lQ 7eYCbFMAdSCL45qKgYNww8PWSB1ge7AxnlC1MHPAct+kr6TrBwG4b6SAlI7GiDRP zzqOG2o6k2pEetvn3suLmoMYmmBVZYwzITHUFvyEF1UwF00QCa68xoUW0s2haWnJ riv7Wewt8m/vUXQ2ad2noElL31hdoRusaKCKVIVOKsCCvwAB/WI= =RQjY -----END PGP SIGNATURE-----