From owner-freebsd-security-notifications@FreeBSD.ORG Thu Sep 28 13:13:55 2006 Return-Path: X-Original-To: freebsd-security-notifications@freebsd.org Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F19A16A412; Thu, 28 Sep 2006 13:13:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5686D43D4C; Thu, 28 Sep 2006 13:13:54 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8SDDsal040098; Thu, 28 Sep 2006 13:13:54 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8SDDsgr040096; Thu, 28 Sep 2006 13:13:54 GMT (envelope-from security-advisories@freebsd.org) Date: Thu, 28 Sep 2006 13:13:54 GMT Message-Id: <200609281313.k8SDDsgr040096@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-06:23.openssl X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: security-advisories@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2006 13:13:55 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced: 2006-09-28 Credits: Dr S N Henson, Tavis Ormandy, Will Drewry Affects: All FreeBSD releases. Corrected: 2006-09-28 13:02:37 UTC (RELENG_6, 6.1-PRERELEASE) 2006-09-28 13:03:14 UTC (RELENG_6_1, 6.1-RELEASE-p8) 2006-09-28 13:03:41 UTC (RELENG_6_0, 6.0-RELEASE-p13) 2006-09-28 13:03:57 UTC (RELENG_5, 5.5-STABLE) 2006-09-28 13:04:16 UTC (RELENG_5_5, 5.5-RELEASE-p6) 2006-09-28 13:04:47 UTC (RELENG_5_4, 5.4-RELEASE-p20) 2006-09-28 13:05:08 UTC (RELENG_5_3, 5.3-RELEASE-p35) 2006-09-28 13:05:59 UTC (RELENG_4, 4.11-STABLE) 2006-09-28 13:06:23 UTC (RELENG_4_11, 4.11-RELEASE-p23) CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description Several problems have been found in OpenSSL: 1. During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. [CVE-2006-2937] 2. A buffer overflow exists in the SSL_get_shared_ciphers function. [CVE-2006-3738] 3. A NULL pointer may be dereferenced in the SSL version 2 client code. [CVE-2006-4343] In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. [CVE-2006-2940] III. Impact Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack. [CVE-2006-2937] An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server. [CVE-2006-3738] A malicious SSL server can cause clients connecting using SSL version 2 to crash. [CVE-2006-4343] Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. [CVE-2006-2940] IV. Workaround No workaround is available, but not all of the vulnerabilities mentioned affect all applications. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, or RELENG_4_11 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in and reboot the system. NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by prohibiting the use of exceptionally large public keys. It is believed that no existing applications legitimately use such key lengths as would be affected by this change. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.4 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.8 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.7 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.11 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.8 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.7 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.11 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.14 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.16 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.7 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.14 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.20 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.14 RELENG_4_11 src/UPDATING 1.73.2.91.2.24 src/sys/conf/newvers.sh 1.44.2.39.2.27 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.7.6.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.8.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.8.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.8.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.9.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.8.4.1 RELENG_5 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.4.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.6.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.2 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.2 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.6.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.2 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.2 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.2 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.2 RELENG_5_5 src/UPDATING 1.342.2.35.2.6 src/sys/conf/newvers.sh 1.62.2.21.2.8 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.16.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.18.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.4.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.18.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.18.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.29 src/sys/conf/newvers.sh 1.62.2.18.2.25 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.8.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.10.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.2.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.10.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.10.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.2.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.38 src/sys/conf/newvers.sh 1.62.2.15.2.40 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.6.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.4.1 RELENG_6 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.12.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.2.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.12.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.10 src/sys/conf/newvers.sh 1.69.2.11.2.10 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.14.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.16.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.6.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.6.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.6.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.16.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.16.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.6.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.1 RELENG_6_0 src/UPDATING 1.416.2.3.2.18 src/sys/conf/newvers.sh 1.69.2.8.2.14 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.12.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.14.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.4.1 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.14.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.14.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFFG8l8FdaIBMps37IRAn0pAKCRuDXjFm2w7YtoZ9C6oVgM9UK0GgCdHdYu 7owfMI1ZVr22prZNmPTeM7k= =DguL -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Fri Sep 29 14:00:08 2006 Return-Path: X-Original-To: freebsd-security-notifications@freebsd.org Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0DF416A407; Fri, 29 Sep 2006 14:00:08 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9127243D6E; Fri, 29 Sep 2006 13:59:59 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8TDxxuI088904; Fri, 29 Sep 2006 13:59:59 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8TDxxgM088902; Fri, 29 Sep 2006 13:59:59 GMT (envelope-from security-advisories@freebsd.org) Date: Fri, 29 Sep 2006 13:59:59 GMT Message-Id: <200609291359.k8TDxxgM088902@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-06:23.openssl [REVISED] X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: security-advisories@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Sep 2006 14:00:08 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced: 2006-09-28 Credits: Dr S N Henson, Tavis Ormandy, Will Drewry Stephen Kiernan (Juniper SIRT) Affects: All FreeBSD releases. Corrected: 2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE) 2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9) 2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14) 2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE) 2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7) 2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21) 2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36) 2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE) 2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24) CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision History v1.0 2006-09-28 Initial release. v1.1 2006-09-29 Corrected patch. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description Several problems have been found in OpenSSL: 1. During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. [CVE-2006-2937] 2. A buffer overflow exists in the SSL_get_shared_ciphers function. [CVE-2006-3738] 3. A NULL pointer may be dereferenced in the SSL version 2 client code. [CVE-2006-4343] In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. [CVE-2006-2940] III. Impact Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack. [CVE-2006-2937] An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server. [CVE-2006-3738] A malicious SSL server can cause clients connecting using SSL version 2 to crash. [CVE-2006-4343] Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. [CVE-2006-2940] IV. Workaround No workaround is available, but not all of the vulnerabilities mentioned affect all applications. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, or RELENG_4_11 security branch dated after the correction date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems. a) Download the patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc NOTE: The patch distributed at the time of the original advisory was incorrect. Systems to which the original patch was applied should be patched with the following corrective patch, which contains only the changes between the original and updated patch: # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in and reboot the system. NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by prohibiting the use of exceptionally large public keys. It is believed that no existing applications legitimately use such key lengths as would be affected by this change. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.3 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.5 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.4 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.9 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.5 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.4 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.8 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.9 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.9 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.4 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.9 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.10 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.9 RELENG_4_11 src/UPDATING 1.73.2.91.2.25 src/sys/conf/newvers.sh 1.44.2.39.2.28 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.7.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.8.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.8.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.8.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.9.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.8.4.1 RELENG_5 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.4.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.6.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.2 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.3 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.2 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.6.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.2 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.2 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.2 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.2 RELENG_5_5 src/UPDATING 1.342.2.35.2.7 src/sys/conf/newvers.sh 1.62.2.21.2.9 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.16.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.18.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.4.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.18.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.18.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.30 src/sys/conf/newvers.sh 1.62.2.18.2.26 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.8.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.10.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.2.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.10.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.10.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.2.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.39 src/sys/conf/newvers.sh 1.62.2.15.2.41 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.4.1 RELENG_6 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.12.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.2.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.12.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.11 src/sys/conf/newvers.sh 1.69.2.11.2.11 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.14.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.16.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.6.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.6.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.16.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.16.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.6.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.1 RELENG_6_0 src/UPDATING 1.416.2.3.2.19 src/sys/conf/newvers.sh 1.69.2.8.2.15 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.12.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.14.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.4.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.14.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.14.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFFHSVwFdaIBMps37IRApTZAJ9YY6pldJ52FwtYHbMxsW5363NUgwCgl4tb 3jFuSkTKR6xVJ6ui4POBjkI= =Bn+e -----END PGP SIGNATURE----- From owner-freebsd-security-notifications@FreeBSD.ORG Sat Sep 30 20:24:48 2006 Return-Path: X-Original-To: freebsd-security-notifications@freebsd.org Delivered-To: freebsd-security-notifications@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51F2016A407; Sat, 30 Sep 2006 20:24:48 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0512343D58; Sat, 30 Sep 2006 20:24:46 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (simon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k8UKOjvw073335; Sat, 30 Sep 2006 20:24:45 GMT (envelope-from security-advisories@freebsd.org) Received: (from simon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k8UKOjqn073333; Sat, 30 Sep 2006 20:24:45 GMT (envelope-from security-advisories@freebsd.org) Date: Sat, 30 Sep 2006 20:24:45 GMT Message-Id: <200609302024.k8UKOjqn073333@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: simon set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Cc: Subject: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh X-BeenThere: freebsd-security-notifications@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-security@freebsd.org List-Id: "Moderated Security Notifications \[moderated, low volume\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Sep 2006 20:24:48 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced: 2006-09-30 Credits: Tavis Ormandy, Mark Dowd Affects: All FreeBSD releases. Corrected: 2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE) 2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10) 2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15) 2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE) 2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8) 2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22) 2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37) 2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE) 2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25) CVE Name: CVE-2006-4924, CVE-2006-5051 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted, authenticated transport for a variety of services, including remote shell access. II. Problem Description The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924] A race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051] III. Impact An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain. [CVE-2006-4924] The OpenSSH project believe that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact. [CVE-2006-5051] IV. Workaround The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5). There is no workaround for the second issue. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, or RELENG_4_11 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 4.11] # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch.asc [FreeBSD 5.x] # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch.asc [FreeBSD 6.x] # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch # fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libssh # make obj && make depend && make && make install # cd /usr/src/secure/usr.sbin/sshd # make obj && make depend && make && make install c) Restart the SSH daemon. On FreeBSD 5.x and 6.x, this can be done via # /etc/rc.d/sshd restart VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssh/deattack.c 1.1.1.1.2.6 src/crypto/openssh/deattack.h 1.1.1.1.2.3 src/crypto/openssh/defines.h 1.1.1.2.2.3 src/crypto/openssh/log.c 1.1.1.1.2.6 src/crypto/openssh/log.h 1.1.1.1.2.4 src/crypto/openssh/packet.c 1.1.1.1.2.7 src/crypto/openssh/ssh_config 1.2.2.10 src/crypto/openssh/ssh_config.5 1.4.2.6 src/crypto/openssh/sshd.c 1.6.2.12 src/crypto/openssh/sshd_config 1.4.2.14 src/crypto/openssh/sshd_config.5 1.5.2.8 src/crypto/openssh/version.h 1.1.1.1.2.14 RELENG_4_11 src/UPDATING 1.73.2.91.2.26 src/sys/conf/newvers.sh 1.44.2.39.2.29 src/crypto/openssh/deattack.c 1.1.1.1.2.5.6.1 src/crypto/openssh/deattack.h 1.1.1.1.2.2.10.1 src/crypto/openssh/defines.h 1.1.1.2.2.2.8.1 src/crypto/openssh/log.c 1.1.1.1.2.5.8.1 src/crypto/openssh/log.h 1.1.1.1.2.3.8.1 src/crypto/openssh/packet.c 1.1.1.1.2.6.8.1 src/crypto/openssh/ssh_config 1.2.2.9.6.1 src/crypto/openssh/ssh_config.5 1.4.2.5.6.1 src/crypto/openssh/sshd.c 1.6.2.11.8.1 src/crypto/openssh/sshd_config 1.4.2.13.6.1 src/crypto/openssh/sshd_config.5 1.5.2.7.4.1 src/crypto/openssh/version.h 1.1.1.1.2.13.6.1 RELENG_5 src/crypto/openssh/auth.h 1.13.2.1 src/crypto/openssh/deattack.c 1.1.1.7.2.1 src/crypto/openssh/deattack.h 1.1.1.3.8.1 src/crypto/openssh/defines.h 1.1.1.7.2.1 src/crypto/openssh/log.c 1.1.1.10.2.1 src/crypto/openssh/log.h 1.5.2.1 src/crypto/openssh/packet.c 1.1.1.14.2.1 src/crypto/openssh/session.c 1.44.2.1 src/crypto/openssh/ssh_config 1.25.2.2 src/crypto/openssh/ssh_config.5 1.15.2.2 src/crypto/openssh/sshd.c 1.37.2.1 src/crypto/openssh/sshd_config 1.40.2.2 src/crypto/openssh/sshd_config.5 1.21.2.2 src/crypto/openssh/version.h 1.27.2.2 RELENG_5_5 src/UPDATING 1.342.2.35.2.8 src/sys/conf/newvers.sh 1.62.2.21.2.10 src/crypto/openssh/auth.h 1.13.8.1 src/crypto/openssh/deattack.c 1.1.1.7.14.1 src/crypto/openssh/deattack.h 1.1.1.3.20.1 src/crypto/openssh/defines.h 1.1.1.7.8.1 src/crypto/openssh/log.c 1.1.1.10.8.1 src/crypto/openssh/log.h 1.5.8.1 src/crypto/openssh/packet.c 1.1.1.14.8.1 src/crypto/openssh/session.c 1.44.8.1 src/crypto/openssh/ssh_config 1.25.2.1.2.1 src/crypto/openssh/ssh_config.5 1.15.2.1.2.1 src/crypto/openssh/sshd.c 1.37.8.1 src/crypto/openssh/sshd_config 1.40.2.1.2.1 src/crypto/openssh/sshd_config.5 1.21.2.1.2.1 src/crypto/openssh/version.h 1.27.2.1.2.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.31 src/sys/conf/newvers.sh 1.62.2.18.2.27 src/crypto/openssh/auth.h 1.13.6.1 src/crypto/openssh/deattack.c 1.1.1.7.6.1 src/crypto/openssh/deattack.h 1.1.1.3.12.1 src/crypto/openssh/defines.h 1.1.1.7.6.1 src/crypto/openssh/log.c 1.1.1.10.6.1 src/crypto/openssh/log.h 1.5.6.1 src/crypto/openssh/packet.c 1.1.1.14.6.1 src/crypto/openssh/session.c 1.44.6.1 src/crypto/openssh/ssh_config 1.25.6.2 src/crypto/openssh/ssh_config.5 1.15.6.2 src/crypto/openssh/sshd.c 1.37.6.1 src/crypto/openssh/sshd_config 1.40.6.2 src/crypto/openssh/sshd_config.5 1.21.6.2 src/crypto/openssh/version.h 1.27.6.2 RELENG_5_3 src/UPDATING 1.342.2.13.2.40 src/sys/conf/newvers.sh 1.62.2.15.2.42 src/crypto/openssh/auth.h 1.13.4.1 src/crypto/openssh/deattack.c 1.1.1.7.4.1 src/crypto/openssh/deattack.h 1.1.1.3.10.1 src/crypto/openssh/defines.h 1.1.1.7.4.1 src/crypto/openssh/log.c 1.1.1.10.4.1 src/crypto/openssh/log.h 1.5.4.1 src/crypto/openssh/packet.c 1.1.1.14.4.1 src/crypto/openssh/session.c 1.44.4.1 src/crypto/openssh/ssh_config 1.25.4.2 src/crypto/openssh/ssh_config.5 1.15.4.2 src/crypto/openssh/sshd.c 1.37.4.1 src/crypto/openssh/sshd_config 1.40.4.2 src/crypto/openssh/sshd_config.5 1.21.4.2 src/crypto/openssh/version.h 1.27.4.2 RELENG_6 src/crypto/openssh/auth.h 1.15.2.2 src/crypto/openssh/deattack.c 1.1.1.7.8.1 src/crypto/openssh/deattack.h 1.1.1.3.14.1 src/crypto/openssh/defines.h 1.1.1.9.2.2 src/crypto/openssh/log.c 1.1.1.13.2.1 src/crypto/openssh/log.h 1.6.2.1 src/crypto/openssh/packet.c 1.1.1.16.2.2 src/crypto/openssh/session.c 1.46.2.2 src/crypto/openssh/ssh_config 1.27.2.2 src/crypto/openssh/ssh_config.5 1.17.2.2 src/crypto/openssh/sshd.c 1.39.2.2 src/crypto/openssh/sshd_config 1.42.2.2 src/crypto/openssh/sshd_config.5 1.23.2.2 src/crypto/openssh/version.h 1.30.2.2 RELENG_6_1 src/UPDATING 1.416.2.22.2.12 src/sys/conf/newvers.sh 1.69.2.11.2.12 src/crypto/openssh/auth.h 1.15.2.1.4.1 src/crypto/openssh/deattack.c 1.1.1.7.12.1 src/crypto/openssh/deattack.h 1.1.1.3.18.1 src/crypto/openssh/defines.h 1.1.1.9.2.1.4.1 src/crypto/openssh/log.c 1.1.1.13.6.1 src/crypto/openssh/log.h 1.6.6.1 src/crypto/openssh/packet.c 1.1.1.16.2.1.4.1 src/crypto/openssh/session.c 1.46.2.1.4.1 src/crypto/openssh/ssh_config 1.27.2.1.4.1 src/crypto/openssh/ssh_config.5 1.17.2.1.4.1 src/crypto/openssh/sshd.c 1.39.2.1.4.1 src/crypto/openssh/sshd_config 1.42.2.1.4.1 src/crypto/openssh/sshd_config.5 1.23.2.1.4.1 src/crypto/openssh/version.h 1.30.2.1.4.1 RELENG_6_0 src/UPDATING 1.416.2.3.2.20 src/sys/conf/newvers.sh 1.69.2.8.2.16 src/crypto/openssh/auth.h 1.15.2.1.2.1 src/crypto/openssh/deattack.c 1.1.1.7.10.1 src/crypto/openssh/deattack.h 1.1.1.3.16.1 src/crypto/openssh/defines.h 1.1.1.9.2.1.2.1 src/crypto/openssh/log.c 1.1.1.13.4.1 src/crypto/openssh/log.h 1.6.4.1 src/crypto/openssh/packet.c 1.1.1.16.2.1.2.1 src/crypto/openssh/session.c 1.46.2.1.2.1 src/crypto/openssh/ssh_config 1.27.2.1.2.1 src/crypto/openssh/ssh_config.5 1.17.2.1.2.1 src/crypto/openssh/sshd.c 1.39.2.1.2.1 src/crypto/openssh/sshd_config 1.42.2.1.2.1 src/crypto/openssh/sshd_config.5 1.23.2.1.2.1 src/crypto/openssh/version.h 1.30.2.1.2.1 - ------------------------------------------------------------------------- VII. References http://www.openssh.com/txt/release-4.4 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFHtD+FdaIBMps37IRAhw8AJ0dNrOCiYVEmqQqePByx/KUrdi+AACeNcB0 T5VfZGGXDv31Py3yxejjhlw= =f1ch -----END PGP SIGNATURE-----