Contributed by jose on from the portable-security dept.
Note that this is a release to address issues in the portable version only. The items mentioned below do not affect the OpenBSD version.
Security Changes
Portable OpenSSH version 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM authentication code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled).
OpenSSH 3.7.1p2 fixes these bugs. Please note that these bugs do not exist in OpenBSD's releases of OpenSSH.
Changes since OpenSSH 3.7.1p1
- This release disables PAM by default. To enable it, set "UsePAM yes" in sshd_config. Due to complexity, inconsistencies in the specification and differences between vendors' PAM implementations we recommend that PAM be left disabled in sshd_config unless there is a need for its use. Sites using only public key or simple password authentication usually have little need to enable PAM support.
- This release now requires zlib 1.1.4 to build correctly. Previous versions have security problems.
- Fix compilation for versions of OpenSSL before 0.9.6. Some cipher modes are not supported for older OpenSSL versions.
- Fix compilation problems on systems with a missing or lacking inet_ntoa() function.
- Workaround problems related to unimplemented or broken setresuid/setreuid functions on several platforms.
- Fix compilation on older OpenBSD systems.
- Fix handling of password-less authentication (PermitEmptyPasswords=yes) that has not worked since the 3.7p1 release.
MD5 (openssh-3.7.1p2.tar.gz) = 61cf5b059938718308836d00f6764a94
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.
(Comments are closed)
By gwyllion () on
By Anonymous Coward () on
I think it is time to prepare for some quick update to this on OS X without waiting for apple's software testing.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Darwin 6.8
% man pam
By gwyllion () on
This bugs were introduced with the new PAM code from FreeBSD (only 3.7 and 3.7.1 have this new code).
By Sacha () on
By Anonymous Coward () on
Trying to do the same thing on a Mandrake 9.0 box (with all updates) refused to let me log in. The sshd config files were the same, as was the means of installation. I have gone back to using PAM with this new version and it works fine. What would cause authentication without PAM to work on some systems and not others?
Comments
By Anonymous Coward () on
Comments
By djm () on
By Anonymous Coward () on
For hobbiests or home users, hardware costs matter a lot, but for business users, the damage (cost) of a security breach far exceeds their total hardware budgets. How much would it "cost" Yahoo to be compromised? Spending some more money to use safer tools, like Java, is a bargain for a business user.
I'm convinced at this point that ALL network services, from ping to ssh, should be written in languages which have the following characteristics:
1. No direct access to memory.
2. Program integrity checks before executing (like the bytecode verifier).
3. A virtual machine runtime environment.
4. Designed from the beginning for containment and isolation.
The only language that I know meets these needs is Java. That said, I know nothing about Ruby or Python and probably others that may also meet these requirements.
When I have time to devote to this I'm going to start my 100% Java network server suite, going from small (ping) all the way to higher-level protocols like ssh or nfs. Fortunately some of the work (such as http and dns) has already been done.
Comments?
Comments
By Mike S () on www.nedyah.org
I would like to hear an explanation as to why all this stuff is written in c. I am sure the people doing it have their reasons, though.
I would think that c++ could do the job a little better. If you encapsulate your strings and buffers in safe classes, you trade a little speed for having a common string class that you know will not overflow.
But my impression is that when the chips are down, you really don't have the luxury of trading that much speed (and efficiency when its done right) for security.
So I'm curious to hear what people think.
Comments
By Anonymous Coward () on
It is a portable high-level assembler
"I would think that c++ could do the job a little better."
as they say, it is easy to shoot yourself in the foot in C
with C++ you can blow your whole leg off
"encapsulate your strings and buffers in safe classes"
you mean like the safe string C libs for most OSs based on OpenBSD's ???
By Sacha () on
Allthough allsorts of solutions are available, the OpenSSH team will prolly have their reasons to write their code in C.
Rewriting the code would take up more time (of learning a new language and) starting from scratch.
But in the end, nothing is holding you back to chroot sshd ;-)
By Nate () on
~Nate
By Anonymous Coward () on
By tedu () on
second question: how many (and which) platforms do you intend to support?
Comments
By MotleyFool () motelydawg@dung.org on mailto:motelydawg@dung.org
By djm () on
It is annoying to see armchair experts making recommendations to completely rewrite every network app we have used without putting the work in to do it themselves. Nevermind the fact that one can make errors just as easily in any language (though some are easier to audit) and nevermind the long history of magical languages and programming ideologies which promise to solve all software problems.
http://www-inst.eecs.berkeley.edu/~maratb/readings/NoSilverBullet.html
By Anonymous Coward () on
Why? This is _the_ performance killer.
I believe a virtual machine system is a dead-end
for deploying real apps. A "naive" native code
generator is not really any harder to write, and
native code from a naive code generator will beat
a sophisticated VM any day. Especially on modern
processors where jumps are expensive. A VM
implementation spends most of its time jumping
around inside the interpreter. JIT? Yes, but
then you might as well write a native back-end,
and the resulting whole is likely to be simpler
and more reliable.
You CAN implement a safe language with a
native code compiler. Done decades ago, for example
in the "Wirth languages" (Pascal, Modula-2, Oberon).
With the native back-end, you can have all kinds
of run-time checks always activated, and the
compiler can then omit most of the unnecessary ones
(detected using dataflow analysis) during code
generation. I think an IBM researcher published a
paper on this already some 25 years ago - ours is
the industry that never learns from the past... :-(
By Michael () on
--Michael
By Me () what? get another virus@work on mailto:what? get another virus@work
By grey () on
Comments
By Kurt () on http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/
native (green threads, nojit)
devel/jdk/1.2
linux emulation (green threads, nojit)
devel/jdk/1.2-blackdown
devel/jdk/1.3-linux
However more work is needed to get native threads and jit working. Also, I believe Niklas@ has a port of native 1.3 completed or nearly so.
There is a low volume mailing list for those interested in Java on OpenBSD:
http://codemonkey.net/mailman/listinfo/openbsd-java