Determine appropriate salt for invalid users.

When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client.  That string has a Blowfish prefix, so on
systems that don't understand that prefix, crypt will fail fast due to an
invalid salt, and even on those that do it may have significantly different
timing from the hash methods used for real accounts (eg sha512).  This allows
user enumeration by, eg, sending large password strings.  This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).

To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system.  ok djm@
2 files changed
tree: da8bbecb3d639077b3ca94d31f0e94253009b061