Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
CVE-2019-12953: Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames. This is a different issue than CVE-2018-15599. The Security Team decided it didn't warrant a DSA and suggested an upload via -pu instead.

[ Impact ]
When password authentication is enabled on the SSH daemon (the default behavior), an attacker could determine whether a given username exists by trying to authenticate with a very long password and measuring the response time.

[ Tests ]
I manually checked that password authentication still works, and that passwords of length >100 bytes are rejected without processing.

[ Risks ]
The fix is trivial and is cherry-picked from upstream's 2019.77: https://hg.ucc.asn.au/dropbear/rev/228b086794b7 . While this is a regression for legitimate passwords >100 bytes long, that same fix has been in Bullseye since July 2019 and as far as I know no one has filed a bug for legitimate use of extra-long passwords, so it probably makes sense to backport the fix to Buster as well.

[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in oldstable
[*] the issue is verified as fixed in unstable

[ Changes ]
* Cherry-pick upstream's https://hg.ucc.asn.au/dropbear/rev/228b086794b7 in order to reject passwords of length >100 bytes outright as an attempt to defeat timing attacks.
* Set ‘debian-branch = debian/buster’ in debian/gbp.conf.

-- Guilhem.
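The mechanism described under [ Impact ] and [ Risks ], as a self-contained model added here; it is not Dropbear's code and is not part of the bug report. The toy hash stands in for crypt(), the hash_calls counter stands in for the wall-clock time a remote client can measure, the 100-byte cap is the value from the patch, and the two scenario helpers and their inputs (a 5000-byte password, a user whose password is "correct horse") are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same cap as DROPBEAR_MAX_PASSWORD_LEN in the patch. */
#define MAX_PASSWORD_LEN 100

typedef struct {
    bool success;        /* true only for an existing user supplying the right password */
    unsigned hash_calls; /* how many times the slow hash ran: the quantity a remote caller can time */
} auth_result;

/* Stand-in for crypt(): a toy hash whose cost grows with the input length (assumption:
 * real password hashing over a very long input also costs measurably more). */
static unsigned long slow_hash(const char *pw, size_t len, unsigned *calls)
{
    unsigned long h = 5381;
    (*calls)++;
    for (size_t i = 0; i < len; i++)
        h = h * 33 + (unsigned char)pw[i];
    return h;
}

/* Hash that would be stored for a user at password-set time. */
unsigned long make_stored_hash(const char *pw)
{
    unsigned unused = 0;
    return slow_hash(pw, strlen(pw), &unused);
}

/* One password-authentication round, mirroring the shape of svr_auth_password():
 * valid_user is the outcome of the earlier user lookup; stored_hash only matters when
 * valid_user is true; apply_fix toggles the length check the patch adds. */
auth_result auth_password(bool valid_user, unsigned long stored_hash,
                          const char *pw, size_t len, bool apply_fix)
{
    auth_result r = { false, 0 };
    unsigned long test = 0;

    /* Before the fix, any existing user's attempt is hashed, however long it is. */
    if (valid_user && (!apply_fix || len <= MAX_PASSWORD_LEN))
        test = slow_hash(pw, len, &r.hash_calls);

    if (!valid_user)
        return r;              /* generic failure, nothing hashed */

    if (apply_fix && len > MAX_PASSWORD_LEN)
        return r;              /* same generic failure, nothing hashed */

    r.success = (test == stored_hash);
    return r;
}

/* Constructed scenario: a 5000-byte password against a user whose password is
 * "correct horse". Returns how many slow-hash calls the attempt triggered. */
unsigned long_password_hash_calls(bool valid_user, bool apply_fix)
{
    static char longpw[5000];
    memset(longpw, 'A', sizeof longpw);
    unsigned long stored = make_stored_hash("correct horse");
    return auth_password(valid_user, stored, longpw, sizeof longpw, apply_fix).hash_calls;
}

/* Constructed scenario: a normal-length login attempt for that same user. */
bool short_password_login(const char *attempt, bool apply_fix)
{
    unsigned long stored = make_stored_hash("correct horse");
    return auth_password(true, stored, attempt, strlen(attempt), apply_fix).success;
}

int main(void)
{
    printf("long password, before fix: existing user hashes %u time(s), unknown user %u\n",
           long_password_hash_calls(true, false), long_password_hash_calls(false, false));
    printf("long password, after fix:  existing user hashes %u time(s), unknown user %u\n",
           long_password_hash_calls(true, true), long_password_hash_calls(false, true));
    printf("normal login after fix: %s\n",
           short_password_login("correct horse", true) ? "accepted" : "rejected");
    return 0;
}
```

Without the cap, an over-long attempt does a length-proportional amount of hashing only when the user exists, which is the observable the CVE describes; with the cap, the over-long attempt for an existing user and the attempt for an unknown user both return the generic failure with no hashing done, while a normal-length login is unchanged, which is what the [ Tests ] section checks.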
diffstat for dropbear-2018.76 dropbear-2018.76
changelog | 10 ++++++++
gbp.conf | 1
patches/CVE-2019-12953.patch | 48 +++++++++++++++++++++++++++++++++++++++++++
patches/series | 1
4 files changed, 60 insertions(+)
diff -Nru dropbear-2018.76/debian/changelog dropbear-2018.76/debian/changelog
--- dropbear-2018.76/debian/changelog 2019-02-12 13:06:15.000000000 +0100
+++ dropbear-2018.76/debian/changelog 2022-04-06 20:54:24.000000000 +0200
@@ -1,3 +1,13 @@
+dropbear (2018.76-5+deb10u1) buster; urgency=medium
+
+ * Backport security fix for CVE-2019-12953: Inconsistent failure delay that
+ may lead to revealing valid usernames. The fix limits password length to
+ 100 bytes. (Closes: #1009062.)
+ Cherry-picked from https://hg.ucc.asn.au/dropbear/rev/228b086794b7 .
+ * d/gbp.conf: Set debian-branch = debian/buster.
+
+ -- Guilhem Moulin <guilhem@debian.org> Wed, 06 Apr 2022 20:54:24 +0200
+
dropbear (2018.76-5) unstable; urgency=medium
* Put custom options, such as SFTPSERVER_PATH, in localoptions.h not in
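Review bot: the changelog entry at `+ 100 bytes. (Closes: #1009062.)` states the new limit but not that this is a behaviour change for anyone whose legitimate password exceeds 100 bytes, which the bug report's [ Risks ] section itself acknowledges; since stable-update changelogs are what administrators see through apt-listchanges, consider adding a sentence such as `Passwords longer than 100 bytes are now rejected.` so the regression is discoverable without following the upstream link.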
diff -Nru dropbear-2018.76/debian/gbp.conf dropbear-2018.76/debian/gbp.conf
--- dropbear-2018.76/debian/gbp.conf 2019-02-12 13:06:15.000000000 +0100
+++ dropbear-2018.76/debian/gbp.conf 2022-04-06 20:54:24.000000000 +0200
@@ -1,4 +1,5 @@
[DEFAULT]
+debian-branch = debian/buster
pristine-tar = False
compression = bzip2
diff -Nru dropbear-2018.76/debian/patches/CVE-2019-12953.patch dropbear-2018.76/debian/patches/CVE-2019-12953.patch
--- dropbear-2018.76/debian/patches/CVE-2019-12953.patch 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-2018.76/debian/patches/CVE-2019-12953.patch 2022-04-06 20:54:24.000000000 +0200
@@ -0,0 +1,48 @@
+commit 8b4f60a7a113f4e9ae801dea88606f2663728f03
+Author: Matt Johnston <matt@ucc.asn.au>
+Date: Thu Mar 21 00:09:07 2019 +0800
+
+ limit password length to 100
+
+diff --git a/svr-authpasswd.c b/svr-authpasswd.c
+index 69c7d8a..a4f3202 100644
+--- a/svr-authpasswd.c
++++ b/svr-authpasswd.c
+@@ -65,7 +65,7 @@ void svr_auth_password(int valid_user) {
+ }
+
+ password = buf_getstring(ses.payload, &passwordlen);
+- if (valid_user) {
++ if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
+ /* the first bytes of passwdcrypt are the salt */
+ passwdcrypt = ses.authstate.pw_passwd;
+ testcrypt = crypt(password, passwdcrypt);
+@@ -80,6 +80,15 @@ void svr_auth_password(int valid_user) {
+ return;
+ }
+
++ if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
++ dropbear_log(LOG_WARNING,
++ "Too-long password attempt for '%s' from %s",
++ ses.authstate.pw_name,
++ svr_ses.addrstring);
++ send_msg_userauth_failure(0, 1);
++ return;
++ }
++
+ if (testcrypt == NULL) {
+ /* crypt() with an invalid salt like "!!" */
+ dropbear_log(LOG_WARNING, "User account '%s' is locked",
+diff --git a/sysoptions.h b/sysoptions.h
+index 5bdb3e3..8648c4e 100644
+--- a/sysoptions.h
++++ b/sysoptions.h
+@@ -86,6 +86,8 @@
+ /* Required for pubkey auth */
+ #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
+
++#define DROPBEAR_MAX_PASSWORD_LEN 100
++
+ #define SHA1_HASH_SIZE 20
+ #define MD5_HASH_SIZE 16
+ #define MAX_HASH_SIZE 64 /* sha512 */
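Review bot: the patch header (the `+commit 8b4f60a7...` block) carries the upstream author and date but no DEP-3 fields, so nothing in the patch file itself ties it to this bug or to the CVE; add `Origin: upstream, https://hg.ucc.asn.au/dropbear/rev/228b086794b7`, `Bug-Debian: https://bugs.debian.org/1009062` and `Applied-Upstream: 2019.77` above the commit line (all three values are already in the changelog and the bug report). On the code: the guard `if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN)` keeps crypt() from running on an over-long password, and the new `if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN)` block sits after the hunk's leading `return;`, so an over-long attempt for an existing user now takes a no-crypt failure path just as a non-existent user already does, which is what removes the length-dependent delay. One more point worth a line in the header: `#define DROPBEAR_MAX_PASSWORD_LEN 100` is unconditional in sysoptions.h, so it cannot be overridden from localoptions.h (the place the 2018.76-5 changelog names for custom options); wrapping it in `#ifndef DROPBEAR_MAX_PASSWORD_LEN` would let a site raise the cap if the regression for long passwords bites.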
diff -Nru dropbear-2018.76/debian/patches/series dropbear-2018.76/debian/patches/series
--- dropbear-2018.76/debian/patches/series 2019-02-12 13:06:15.000000000 +0100
+++ dropbear-2018.76/debian/patches/series 2022-04-06 20:54:24.000000000 +0200
@@ -1,2 +1,3 @@
local-options.patch
CVE-2018-15599.patch
+CVE-2019-12953.patch