Bug#314645: /usr/sbin/sshd: time delay of password check proves account existence to attackers
Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: critical
File: /usr/sbin/sshd
Tags: security
Justification: root security hole
Due to the delay that is caused by password checking, once ssh
determines that the login attempt is for a valid account, attackers can
statistically prove the existence of accounts on an ssh-accessible server
remotely. This cuts down greatly on the difficulty of a brute-force
password-guessing attack. Since user accounts often use worse patterns
than (hopefully) root does, it doesn't take much to pick user accounts
that are other than standard accounts and attempt to break in.
I'd strongly suggest either a randomized delay on responses for login
attempts on non-existent accounts, or a consistent delay between
existing and non-existent accounts, or some other method of hiding this
information.
This attack is already in the wild, as shown in logs:
Jun 16 08:30:14 localhost sshd[30986]: Illegal user jacob from 211.196.3.60
Jun 16 08:30:16 localhost sshd[30988]: Illegal user michael from 211.196.3.60
Jun 16 08:30:18 localhost sshd[30990]: Illegal user joshua from 211.196.3.60
Jun 16 08:30:20 localhost sshd[30992]: Illegal user matthew from 211.196.3.60
Jun 16 08:30:22 localhost sshd[30994]: Illegal user andrew from 211.196.3.60
Jun 16 08:30:22 localhost sshd[30996]: Illegal user jacob from 211.196.3.60
Jun 16 08:30:24 localhost sshd[30998]: Illegal user joseph from 211.196.3.60
Jun 16 08:30:24 localhost sshd[31000]: Illegal user michael from 211.196.3.60
Jun 16 08:30:26 localhost sshd[31002]: Illegal user ethan from 211.196.3.60
Jun 16 08:30:26 localhost sshd[31004]: Illegal user joshua from 211.196.3.60
Jun 16 08:30:28 localhost sshd[31006]: Illegal user daniel from 211.196.3.60
Jun 16 08:30:28 localhost sshd[31008]: Illegal user matthew from 211.196.3.60
Jun 16 08:30:30 localhost sshd[31010]: Illegal user christopher from 211.196.3.60
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27-20041103
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages ssh depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf 1.4.51 Debian configuration management sy
ii dpkg 1.10.28 Package maintenance system for Deb
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.2-4 compression library - runtime
-- debconf information:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/user_environment_tell:
* ssh/forward_warning:
* ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/SUID_client: true
ssh/disable_cr_auth: false
* ssh/privsep_tell:
ssh/ssh2_keys_merged:
ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
ssh/run_sshd: true
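The side channel the report describes, reduced to a self-contained simulation (this is an added example, not code from the report or from OpenSSH). A leaky password check returns immediately for an unknown account and only pays for the slow hash when the account exists, so an attacker who times many attempts can tell the two cases apart. The second checker does what the reporter's "consistent delay" suggestion amounts to in practice: it runs unknown users through the same hash step against a dummy record. The account database, the dummy record and the PBKDF2 work factor are all constructed for the example.

```python
import hashlib
import hmac
import os
import statistics
import time

# Work factor chosen so the hash step dominates the response time; that is
# what makes the early return for unknown users measurable. (Constructed.)
ITERATIONS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed account database: one hypothetical user, not from the report.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse battery", _SALT))}

# Fixed dummy record so unknown users can be run through the same hash step.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("never-a-valid-password", _DUMMY_SALT)


def check_password_leaky(user: str, password: str) -> bool:
    """Returns early for unknown users; the skipped hash step is the oracle."""
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, expected = rec
    return hmac.compare_digest(_hash(password, salt), expected)


def check_password_uniform(user: str, password: str) -> bool:
    """Hashes against a dummy record for unknown users so both paths cost the same."""
    rec = USERS.get(user)
    salt, expected = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matched = hmac.compare_digest(_hash(password, salt), expected)
    # A match against the dummy record must never count as a login.
    return matched and rec is not None


def median_time(fn, user: str, password: str, samples: int = 9) -> float:
    """Median wall-clock time of fn(user, password); the median resists scheduler noise."""
    times = []
    for _ in range(samples):
        t0 = time.perf_counter()
        fn(user, password)
        times.append(time.perf_counter() - t0)
    return statistics.median(times)


def timing_ratio(fn) -> float:
    """unknown-user time divided by known-user time; far below 1 means the account list leaks."""
    return median_time(fn, "nobody", "guess") / median_time(fn, "alice", "guess")


if __name__ == "__main__":
    print(f"leaky   ratio: {timing_ratio(check_password_leaky):.4f}")
    print(f"uniform ratio: {timing_ratio(check_password_uniform):.4f}")
```

Of the reporter's two suggestions, the uniform-work approach is the one worth implementing: a randomized delay only adds noise, and an attacker who averages enough samples removes noise. Note the final `rec is not None` guard, which is easy to forget once a dummy hash is in the code path.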
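Detection logic for the "in the wild" activity the report quotes, as an added example that is not part of the bug report: it parses sshd "Illegal user" lines (and the "Invalid user" wording of later releases) and flags any source address that tries several distinct unknown usernames within a short window, which is the enumeration pattern visible in the quoted log. The sample input is constructed from the report's lines plus one benign entry from 192.0.2.10; the window and threshold values are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the "Illegal user" lines quoted in the report, plus one
# single failed login from a different address that should not be flagged.
SAMPLE_LOG = """\
Jun 16 08:30:14 localhost sshd[30986]: Illegal user jacob from 211.196.3.60
Jun 16 08:30:16 localhost sshd[30988]: Illegal user michael from 211.196.3.60
Jun 16 08:30:18 localhost sshd[30990]: Illegal user joshua from 211.196.3.60
Jun 16 08:30:20 localhost sshd[30992]: Illegal user matthew from 211.196.3.60
Jun 16 08:30:22 localhost sshd[30994]: Illegal user andrew from 211.196.3.60
Jun 16 08:30:22 localhost sshd[30996]: Illegal user jacob from 211.196.3.60
Jun 16 08:30:24 localhost sshd[30998]: Illegal user joseph from 211.196.3.60
Jun 16 08:30:24 localhost sshd[31000]: Illegal user michael from 211.196.3.60
Jun 16 08:30:26 localhost sshd[31002]: Illegal user ethan from 211.196.3.60
Jun 16 08:30:26 localhost sshd[31004]: Illegal user joshua from 211.196.3.60
Jun 16 08:30:28 localhost sshd[31006]: Illegal user daniel from 211.196.3.60
Jun 16 08:30:28 localhost sshd[31008]: Illegal user matthew from 211.196.3.60
Jun 16 08:30:30 localhost sshd[31010]: Illegal user christopher from 211.196.3.60
Jun 16 09:12:03 localhost sshd[31150]: Illegal user bob from 192.0.2.10
"""

# sshd of this era logs "Illegal user"; newer releases say "Invalid user".
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_events(text: str, year: int = 2005):
    """Return sorted (timestamp, source_ip, username) tuples for unknown-user lines.

    syslog timestamps carry no year, so the caller supplies one (assumed 2005 here).
    """
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return sorted(events)


def enumeration_sources(events, window_s: int = 60, min_users: int = 5):
    """Map source IP -> all distinct unknown names it tried, for IPs that reached
    min_users distinct names inside any window_s-second sliding window."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            names = {u for _, u in evs[start:end + 1]}
            if len(names) >= min_users:
                flagged[ip] = sorted({u for _, u in evs})
                break
    return flagged


if __name__ == "__main__":
    for ip, names in enumeration_sources(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {len(names)} distinct unknown users: {', '.join(names)}")
```

Counting distinct names rather than raw attempts is deliberate: a user mistyping one password repeatedly produces many lines for one name, while a wordlist run produces many names, and the quoted log (nine distinct first names from one address in sixteen seconds) is the second shape.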