openssh: CVE-2011-4327
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] (From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
8d1aed5dd2
commit
b629d94030
|
@ -0,0 +1,27 @@
|
|||
openssh-CVE-2011-4327
|
||||
|
||||
A security flaw was found in the way ssh-keysign,
|
||||
a ssh helper program for host based authentication,
|
||||
attempted to retrieve enough entropy information on configurations that
|
||||
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
|
||||
be executed to retrieve the entropy from the system environment).
|
||||
A local attacker could use this flaw to obtain unauthorized access to host keys
|
||||
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
|
||||
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
|
||||
|
||||
Signed-off-by: Li Wang <li.wang@windriver.com>
|
||||
--- a/ssh-keysign.c
|
||||
+++ b/ssh-keysign.c
|
||||
@@ -170,6 +170,10 @@
|
||||
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
|
||||
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
|
||||
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
|
||||
+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
|
||||
+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
|
||||
+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
|
||||
+ fatal("fcntl failed");
|
||||
|
||||
original_real_uid = getuid(); /* XXX readconf.c needs this */
|
||||
if ((pw = getpwuid(original_real_uid)) == NULL)
|
|
@ -7,7 +7,7 @@ SECTION = "console/network"
|
|||
LICENSE = "BSD"
|
||||
LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
|
||||
|
||||
PR = "r3"
|
||||
PR = "r4"
|
||||
|
||||
DEPENDS = "zlib openssl"
|
||||
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
|
||||
|
@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
|
|||
file://sshd_config \
|
||||
file://ssh_config \
|
||||
file://init \
|
||||
file://openssh-CVE-2011-4327.patch \
|
||||
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
|
||||
|
||||
PAM_SRC_URI = "file://sshd"
|
||||
|
|
Loading…
Reference in New Issue