Re: FreeBSD Security Advisory FreeBSD-SA-25:01.openssh

Reply: Christos Chatzaras : "Re: FreeBSD Security Advisory FreeBSD-SA-25:01.openssh"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Konrad Heuer <kheuer.ox_at_ox.gwdg.de>
Date: Thu, 30 Jan 2025 10:25:14 UTC
Hello,

on our 13.4 systems, freebsd-update doesn't fetch any new files for
OpenSSH. Seems to be strange in my eyes ...

Best regards
Konrad

On Wed, 2025-01-29 at 21:31 +0000, FreeBSD Security Advisories wrote:
> =====================================================================
> ========
> FreeBSD-SA-25:01.openssh                                    Security
> Advisory
>                                                           The FreeBSD
> Project
> 
> Topic:          OpenSSH Keystroke Obfuscation Bypass
> 
> Category:       contrib
> Module:         openssh
> Announced:      2025-01-29
> Credits:        Philippos Giavridis
> Credits:        Jacky Wei En Kung, Daniel Hugenroth and
>                 Alastair Beresford (University of Cambridge)
> Affects:        FreeBSD 14.1
> Corrected:      2024-07-15 18:45:16 UTC (stable/14, 14.2-STABLE)
>                 2025-01-29 18:55:25 UTC (releng/14.1, 14.1-RELEASE-
> p7)
>                 2024-08-01 15:03:50 UTC (stable/13, 13.4-STABLE)
> CVE Name:       CVE-2024-39894
> 
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and
> the
> following sections, please visit <URL:https://security.FreeBSD.org/>;
> ;
> .
> 
> I.   Background
> 
> OpenSSH is an implementation of the SSH protocol suite, providing an
> encrypted and authenticated transport for a variety of services,
> including
> remote shell access.
> 
> OpenSSH version 9.5 introduced a mechanism to mitigate keystroke
> timing
> attacks by "sending interactive traffic at fixed intervals when there
> is
> only a small amount of data being sent."
> 
> II.  Problem Description
> 
> A logic error in the ssh(1) ObscureKeystrokeTiming feature (on by
> default)
> rendered this feature ineffective.
> 
> III. Impact
> 
> A passive observer could detect which network packets contain real
> keystrokes,
> and infer the specific characters being transmitted from packet
> timing.
> 
> IV.  Workaround
> 
> No workaround is available.  This bug does not affect connections
> when
> ObscureKeystrokeTiming was disabled or sessions where no TTY was
> requested.
> 
> V.   Solution
> 
> Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
> 
> Perform one of the following:
> 
> 1) To update your vulnerable system via a binary patch:
> 
> Systems running a RELEASE version of FreeBSD on the amd64 or arm64
> platforms,
> or the i386 platform on FreeBSD 13, can be updated via the freebsd-
> update(8)
> utility:
> 
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r +10min "Rebooting for a security update"
> 
> 2) To update your vulnerable system via a source code patch:
> 
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
> 
> a) Download the relevant patch from the location below, and verify
> the
> detached PGP signature using your PGP utility.
> 
> [FreeBSD 14.1]
> # fetch https://security.FreeBSD.org/patches/SA-25:01/openssh.patch
> # fetch 
> https://security.FreeBSD.org/patches/SA-25:01/openssh.patch.asc
> # gpg --verify openssh.patch.asc
> 
> b) Apply the patch.  Execute the following commands as root:
> 
> # cd /usr/src
> # patch < /path/to/patch
> 
> c) Recompile the operating system using buildworld and installworld
> as
> described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>;;.
> 
> VI.  Correction details
> 
> This issue is corrected as of the corresponding Git commit hash in
> the
> following stable and release branches:
> 
> Branch/path                             Hash                     Revi
> sion
> -------------------------------------------------------------------
> ------
> stable/14/                              bf9a275b24f6    stable/14-
> n268158
> releng/14.1/                            88d5d8108711  releng/14.1-
> n267735
> stable/13/                              79853e40abd8    stable/13-
> n258171
> -------------------------------------------------------------------
> ------
> 
> Run the following command to see which files were modified by a
> particular commit:
> 
> # git show --stat <commit hash>
> 
> Or visit the following URL, replacing NNNNNN with the hash:
> 
> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
> 
> To determine the commit count in a working tree (for comparison
> against
> nNNNNNN in the table above), run:
> 
> # git rev-list --count --first-parent HEAD
> 
> VII. References
> 
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39894>
> 
> The latest revision of this advisory is available at
> <URL:
> https://security.FreeBSD.org/advisories/FreeBSD-SA-25:01.openssh.asc>