From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-17:06.openssh
Date: Thu, 10 Aug 2017 07:28:25 +0000 (UTC)

=============================================================================
FreeBSD-SA-17:06.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSH Denial of Service vulnerability

Category:       contrib
Module:         OpenSSH
Announced:      2017-08-10
Affects:        All supported versions of FreeBSD.
Corrected:      2017-08-10 06:36:37 UTC (stable/11, 11.1-STABLE)
                2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
                2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)
                2017-08-10 06:36:37 UTC (stable/10, 10.3-STABLE)
                2017-08-10 06:59:43 UTC (releng/10.3, 10.3-RELEASE-p21)
CVE Name:       CVE-2016-6515

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access.

OpenSSH supports a built-in password authentication method, which is
enabled with PasswordAuthentication. This option is disabled by default
on FreeBSD.

II.  Problem Description

There is no limit on the length of the password that sshd accepts during
password authentication.

III. Impact

A remote attacker may be able to cause an affected SSH server to use an
excessive amount of CPU by sending very long passwords, when
PasswordAuthentication has been enabled by the system administrator.

IV.  Workaround

Disable PasswordAuthentication in /etc/ssh/sshd_config and restart sshd.
This is the default FreeBSD configuration.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Restart SSH service.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart SSH service.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch
# fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch.asc
# gpg --verify openssh.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the SSH daemon, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r322341
releng/10.3/                                                      r322344
stable/11/                                                        r322341
releng/11.0/                                                      r322343
releng/11.1/                                                      r322342
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
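The workaround above depends on what sshd actually resolves PasswordAuthentication to, which is easy to misjudge when a config carries commented-out or duplicated lines. The following POSIX sh check is an added example, not part of the advisory or of FreeBSD: it reads an sshd_config the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive, lines beginning with "#" are comments) and reports the effective state of the global section. Assumptions: the caller supplies the platform's compiled-in default as the second argument ("no" on FreeBSD per the advisory), and directives under a Match block are deliberately not evaluated because they are conditional.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether PasswordAuthentication
# is effectively enabled in the global section of an sshd_config.
#
# usage: password_auth_state FILE DEFAULT   -> prints "yes" or "no"
# DEFAULT applies when the keyword is absent (assumption: caller passes the
# compiled-in default; the advisory states it is "no" on FreeBSD).
password_auth_state() {
    file=$1
    result=${2:-no}
    while IFS= read -r line || [ -n "$line" ]; do
        # split the line into keyword and value(s); skip blanks and comments
        set -- $line
        [ $# -ge 1 ] || continue
        case $1 in \#*) continue ;; esac
        key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        # everything after the first Match line is conditional: stop here and
        # rely on "sshd -T -C user=...,addr=..." for per-connection answers
        [ "$key" = "match" ] && break
        if [ "$key" = "passwordauthentication" ]; then
            # first occurrence wins in sshd; later duplicates are ignored
            result=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
            break
        fi
    done < "$file"
    printf '%s\n' "$result"
}

# Constructed sample config: the stock commented line is left in place, the
# administrator has enabled password auth, a later duplicate must be ignored,
# and a Match block below must not influence the global answer.
write_sample_config() {
    cat > "$1" <<'EOF'
# sshd_config sample (constructed for this example)
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication no
EOF
}

# Run the check against a temporary copy of the sample and clean up.
check_sample() {
    tmp=$(mktemp) || return 1
    write_sample_config "$tmp"
    state=$(password_auth_state "$tmp" no)
    rm -f "$tmp"
    printf '%s\n' "$state"
}
```

A result of "yes" means the workaround has not been applied and the host is exposed to the CPU exhaustion described in section III until it is patched.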