From: Saul Wold <sgw@linux.intel.com>
To: Li Wang <li.wang@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH] openssh: CVE-2011-4327
Date: Thu, 29 Nov 2012 09:47:29 -0800 [thread overview]
Message-ID: <50B79FB1.30705@linux.intel.com> (raw)
In-Reply-To: <1353996801-28402-1-git-send-email-li.wang@windriver.com>
On 11/26/2012 10:13 PM, Li Wang wrote:
> A security flaw was found in the way ssh-keysign,
> a ssh helper program for host based authentication,
> attempted to retrieve enough entropy information on configurations that
> lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
> be executed to retrieve the entropy from the system environment).
> A local attacker could use this flaw to obtain unauthorized access to host keys
> via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
> http://www.openssh.com/txt/portable-keysign-rand-helper.adv
>
> [YOCTO #3493]
>
> Signed-off-by: Li Wang <li.wang@windriver.com>
> ---
> .../openssh-6.0p1/openssh-CVE-2011-4327.patch | 27 ++++++++++++++++++++++
> meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 3 ++-
> 2 files changed, 29 insertions(+), 1 deletion(-)
> create mode 100644 meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
>
> diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
> new file mode 100644
> index 0000000..8489edc
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
This has already been merged, but can you please send a patch to add the
Upstream-Status
Thanks
Sau!
> @@ -0,0 +1,27 @@
> +openssh-CVE-2011-4327
> +
> +A security flaw was found in the way ssh-keysign,
> +a ssh helper program for host based authentication,
> +attempted to retrieve enough entropy information on configurations that
> +lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
> +be executed to retrieve the entropy from the system environment).
> +A local attacker could use this flaw to obtain unauthorized access to host keys
> +via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
> +
> +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
> +http://www.openssh.com/txt/portable-keysign-rand-helper.adv
> +
> +Signed-off-by: Li Wang <li.wang@windriver.com>
> +--- a/ssh-keysign.c
> ++++ b/ssh-keysign.c
> +@@ -170,6 +170,10 @@
> + key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
> + key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
> + key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
> ++ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
> ++ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
> ++ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
> ++ fatal("fcntl failed");
> +
> + original_real_uid = getuid(); /* XXX readconf.c needs this */
> + if ((pw = getpwuid(original_real_uid)) == NULL)
> diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
> index 31202d4..df77040 100644
> --- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
> @@ -7,7 +7,7 @@ SECTION = "console/network"
> LICENSE = "BSD"
> LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
>
> -PR = "r3"
> +PR = "r4"
>
> DEPENDS = "zlib openssl"
> DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
> @@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
> file://sshd_config \
> file://ssh_config \
> file://init \
> + file://openssh-CVE-2011-4327.patch \
> ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
>
> PAM_SRC_URI = "file://sshd"
>
next prev parent reply other threads:[~2012-11-29 18:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-27 6:13 [PATCH] openssh: CVE-2011-4327 Li Wang
2012-11-29 17:47 ` Saul Wold [this message]
2012-11-30 22:41 ` Scott Garman
2012-12-03 14:13 ` Burton, Ross
2012-12-04 1:28 ` Li.Wang
-- strict thread matches above, loose matches on Subject: below --
2012-11-27 5:53 Li Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50B79FB1.30705@linux.intel.com \
--to=sgw@linux.intel.com \
--cc=li.wang@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox