Thought I'd pass along this minor bug and fix, for everyone rushing to upgrade their OpenSSH (see Bugtraq report below).

Platform: Solaris 8 [Ultra80], SUNWspro C/C++ 5.0, patch 107357-09 installed.

I got the following compilation error with OpenSSH 2.9.9p2 (both release version and latest snapshot). This may be due to more strict type-checking by the Sun Workshop 5.0 compiler.

cc -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -I. -I. -I/usr/local/lib -I/usr/local/include -DETCDIR=\"/etc/openssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/var/run\" -DHAVE_CONFIG_H -c session.c
"session.c", line 628: identifier redeclared: do_pre_login
        current : static function(pointer to struct Session {int used, int self, pointer to struct passwd {..} pw, pointer to struct Authctxt ...
        previous: function() returning int : "session.c", line 581
cc: acomp failed for session.c
make: *** [session.o] Error 2

I added a function definition to ./session.c and this fixed the problem:

static void session_close(Session *);
static int session_pty_req(Session *);
/* Added DSFoster 9-27-01 */
static void do_pre_login(Session *s);

/* import */
extern ServerOptions options;

Dave Foster

Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Date: Wed, 26 Sep 2001 23:18:23 +0200
From: Markus Friedl <markus@openbsd.org>
To: openssh-unix-announce@mindrot.org, openssh-unix-dev@mindrot.org, security-announce@openbsd.org
Cc: bugtraq@securityfocus.com
Subject: OpenSSH Security Advisory (adv.option)
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.2.5i

Weakness in OpenSSH's source IP based access control for SSH protocol v2 public key authentication.

1. Systems affected:

Versions of OpenSSH between 2.5.x and 2.9.x using the 'from=' key file option in combination with both RSA and DSA keys in ~/.ssh/authorized_keys2.

2. Description:

Depending on the order of the user keys in ~/.ssh/authorized_keys2 sshd might fail to apply the source IP based access control restriction (e.g. from="10.0.0.1") to the correct key: If a source IP restricted key (e.g. DSA key) is immediately followed by a key of a different type (e.g. RSA key), then key options for the second key are applied to both keys, which includes 'from='.

3. Impact:

Users can circumvent the system policy and login from disallowed source IP addresses.

4. Solution:

Apply the following patch. This bug is fixed in OpenSSH 2.9.9

5. Credits:

None.

Appendix:

Index: key.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/key.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -p -IRCSID -r1.31 -r1.32
--- key.c	2001/09/17 20:50:22	1.31
+++ key.c	2001/09/19 13:23:29	1.32
@@ -358,7 +358,7 @@ write_bignum(FILE *f, BIGNUM *num)
 	return 1;
 }
 
-/* returns 1 ok, -1 error, 0 type mismatch */
+/* returns 1 ok, -1 error */
 int
 key_read(Key *ret, char **cpp)
 {
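Review bot: the comment now states that key_read returns only 1 or -1, but this hunk shows no caller being updated to match, and the advisory's impact comes entirely from how the authorized_keys2 reader reacted to the old 0 return. A caller that tested `== -1` to mean "no key on this line" now also skips a type-mismatched key, which is the intended effect, while any caller that tested `== 0` to mean "different key type, keep going" becomes dead code. Suggest stating in the commit that every key_read caller was audited for the removed 0 case, so reviewers do not have to infer it from the comment change alone.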
@@ -413,7 +413,7 @@ key_read(Key *ret, char **cpp)
 		} else if (ret->type != type) {
 			/* is a key, but different type */
 			debug3("key_read: type mismatch");
-			return 0;
+			return -1;
 		}
 		len = 2*strlen(cp);
 		blob = xmalloc(len);

<< All opinions expressed are mine, not the University's >>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David Foster            National Center for Microscopy and Imaging Research
Programmer/Analyst      University of California, San Diego
dfoster@ucsd.edu        Department of Neuroscience, Mail 0608
(858) 534-7968          http://ncmir.ucsd.edu/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable." -- George Bernard Shaw

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Thu Sep 27 14:08:48 2001
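Review bot: with `return -1` on the type-mismatch branch (second hunk above), the caller can no longer distinguish "valid key of another type" from "malformed line", which is what closes the ordering case the advisory describes: a from=-restricted DSA entry followed by an RSA entry is now skipped like any other unreadable line instead of being carried into the next entry's option handling. The `debug3("key_read: type mismatch")` line is the only remaining trace of which case occurred, so keep it; and since the fix is a one-token change that is easy to regress, suggest adding a regression test with exactly the authorized_keys2 layout from section 2 (a from="10.0.0.1" DSA key immediately followed by an RSA key) that asserts the restriction is still enforced on the first key.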
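For administrators who cannot upgrade immediately, the practical question raised by section 2 of the advisory is whether any user's ~/.ssh/authorized_keys2 contains the risky ordering: a from=-restricted key immediately followed by a key of a different type. The following audit script is an added example, not code from OpenSSH or from either poster. It parses the options field with the key-file quoting rule (double-quoted values, backslash-escaped quotes), identifies the protocol v2 key type on each line, and reports adjacent entries where a from=-restricted key is followed by a key of another type. The file contents in SAMPLE are constructed; the key blobs are placeholders, not real keys.

```python
"""Audit an authorized_keys2 file for the key ordering described in the
OpenSSH adv.option advisory.  Added example, not OpenSSH code."""

import re

# Protocol v2 key type names that appear in authorized_keys2.
KEY_TYPES = ("ssh-rsa", "ssh-dss")

# Constructed sample file: line 2 is a from=-restricted DSA key directly
# followed by an RSA key (the advisory's risky ordering); lines 4 and 5 are
# a restricted RSA key followed by another RSA key (same type, not flagged).
SAMPLE = """# constructed sample authorized_keys2
from="10.0.0.1" ssh-dss AAAAB3NzaC1kc3MAAACBAK constructed dsa@host
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA constructed rsa@host
from="10.0.0.2",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEB constructed rsa2@host
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEC constructed rsa3@host
"""


def split_options(line):
    """Split one line into (options, key_type, rest).

    Options are comma separated and may be double-quoted; a backslash
    escapes a quote inside a quoted value.  Returns None for blank lines,
    comments, or lines that carry no protocol v2 key."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    if first in KEY_TYPES:
        return "", first, line[len(first):].strip()
    # Walk the options field honouring quotes, so a from= pattern that
    # contains whitespace does not end the field early.
    quoted = False
    i = 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line) and line[i + 1] == '"':
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c in " \t" and not quoted:
            break
        i += 1
    options = line[:i]
    parts = line[i:].strip().split(None, 1)
    if not parts or parts[0] not in KEY_TYPES:
        return None
    return options, parts[0], parts[1] if len(parts) > 1 else ""


def has_from_option(options):
    """True if the options field carries a from= restriction."""
    return re.search(r'(^|,)from="', options) is not None


def find_risky_pairs(text):
    """Return (line_no, key_type, next_line_no, next_key_type) for every
    from=-restricted key that is immediately followed (ignoring blank and
    comment lines, as sshd does) by a key of a different type."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        parsed = split_options(raw)
        if parsed is None:
            continue
        options, ktype, _ = parsed
        entries.append((n, ktype, has_from_option(options)))
    risky = []
    for (n, t, restricted), (m, u, _) in zip(entries, entries[1:]):
        if restricted and t != u:
            risky.append((n, t, m, u))
    return risky


if __name__ == "__main__":
    for n, t, m, u in find_risky_pairs(SAMPLE):
        print("line %d (%s, from= restricted) is followed by line %d (%s)"
              % (n, t, m, u))
```

Run it against each user's authorized_keys2 on an affected version; any reported pair is an entry whose from= restriction may not be enforced until the patched sshd is installed, and reordering the file so that keys of the same type are grouped removes the condition the advisory describes.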
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:26 EST