Vigil@nce - OpenSSH: information disclosure via Legacy Certificates
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the administrator generated Legacy Certificates with OpenSSH
5.6/5.7, the Nonce field contains 32 bytes from the memory of the
ssh-keygen process.
Severity: 1/4
Creation date: 04/02/2011
IMPACTED PRODUCTS
– OpenSSH
DESCRIPTION OF THE VULNERABILITY
The ssh-keygen tool of OpenSSH generates certificates. Its "-t"
parameter indicates the type to generate:
- ssh-rsa-cert-v00@openssh.com : KEY_RSA_CERT_V00 (Legacy)
– ssh-dss-cert-v00@openssh.com : KEY_RSA_CERT_V00 (Legacy)
- ssh-rsa-cert-v01@openssh.com : KEY_RSA_CERT (current)
- ssh-dss-cert-v01@openssh.com : KEY_RSA_CERT (current)
Depending on the type (current/Legacy), the Nonce (random of 32
bytes) is located at the beginning/end of the message. However
when the Nonce has to be placed at the end of the message (Legacy
format), the key_certify() function of OpenSSH 5.6/5.7 does not
initialize it.
This error has to impacts:
- the Nonce contains data coming from the memory
- the Nonce may be predicted (low risk)
When the administrator generated Legacy Certificates with OpenSSH
5.6/5.7, the Nonce field therefore contains 32 bytes from the
memory of the ssh-keygen process.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSH-information-disclosure-via-Legacy-Certificates-10326