
Bug#606922: openssh: cve-2010-4478 jpake issue



> CVE-2010-4478[0]:
> | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly
> | validate the public parameters in the J-PAKE protocol, which allows
> | remote attackers to bypass the need for knowledge of the shared
> | secret, and successfully authenticate, by sending crafted values in
> | each round of the protocol, a related issue to CVE-2010-4252.
> 
> It does look like jpake is built for openssh.  I've checked the version
> in squeeze and it has the vulnerable code.

Quoting from
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf :

| This issue affects the implementations of J-PAKE [1] in OpenSSL [2]
| and OpenSSH [3]. These implementations referred as experimental [4, 5] 
                                                     ^^^^^^^^^^^^
| and work-in-progress
      ^^^^^^^^^^^^^^^^
      
As such, we should simply disable J-PAKE for now. It wasn't in Lenny,
so it's not a regression, either.

Cheers,
        Moritz


