Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
CVE-2019-12953: Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames. This is a different issue from CVE-2018-15599. The Security Team decided it didn't warrant a DSA and suggested an upload via -pu instead.

[ Impact ]
When password authentication is enabled on the SSH daemon (the default behavior), an attacker could determine whether a given username exists by trying to authenticate with a very long password and measuring the response time.

[ Tests ]
I manually checked that password authentication still works, and that passwords of length >100 bytes are rejected without processing.

[ Risks ]
The fix is trivial and is cherry-picked from upstream's 2019.77: https://hg.ucc.asn.au/dropbear/rev/228b086794b7 . While this is a regression for legitimate passwords >100 bytes long, that same fix has been in Bullseye since July 2019 and as far as I know no one has filed a bug for legitimate use of extra-long passwords, so it probably makes sense to backport the fix to Buster as well.

[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in oldstable
[*] the issue is verified as fixed in unstable

[ Changes ]
* Cherry-pick upstream's https://hg.ucc.asn.au/dropbear/rev/228b086794b7 in order to reject passwords of length >100 bytes outright as an attempt to defeat timing attacks.
* Set ‘debian-branch = debian/buster’ in debian/gbp.conf.

-- Guilhem.
diffstat for dropbear-2018.76 dropbear-2018.76 changelog | 10 ++++++++ gbp.conf | 1 patches/CVE-2019-12953.patch | 48 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 4 files changed, 60 insertions(+) diff -Nru dropbear-2018.76/debian/changelog dropbear-2018.76/debian/changelog --- dropbear-2018.76/debian/changelog 2019-02-12 13:06:15.000000000 +0100 +++ dropbear-2018.76/debian/changelog 2022-04-06 20:54:24.000000000 +0200 @@ -1,3 +1,13 @@ +dropbear (2018.76-5+deb10u1) buster; urgency=medium + + * Backport security fix for CVE-2019-12953: Inconsistent failure delay that + may lead to revealing valid usernames. The fix limits password length to + 100 bytes. (Closes: #1009062.) + Cherry-picked from https://hg.ucc.asn.au/dropbear/rev/228b086794b7 . + * d/gbp.conf: Set debian-branch = debian/buster. + + -- Guilhem Moulin <guilhem@debian.org> Wed, 06 Apr 2022 20:54:24 +0200 + dropbear (2018.76-5) unstable; urgency=medium * Put custom options, such as SFTPSERVER_PATH, in localoptions.h not in diff -Nru dropbear-2018.76/debian/gbp.conf dropbear-2018.76/debian/gbp.conf --- dropbear-2018.76/debian/gbp.conf 2019-02-12 13:06:15.000000000 +0100 +++ dropbear-2018.76/debian/gbp.conf 2022-04-06 20:54:24.000000000 +0200 @@ -1,4 +1,5 @@ [DEFAULT] +debian-branch = debian/buster pristine-tar = False compression = bzip2 diff -Nru dropbear-2018.76/debian/patches/CVE-2019-12953.patch dropbear-2018.76/debian/patches/CVE-2019-12953.patch --- dropbear-2018.76/debian/patches/CVE-2019-12953.patch 1970-01-01 01:00:00.000000000 +0100 +++ dropbear-2018.76/debian/patches/CVE-2019-12953.patch 2022-04-06 20:54:24.000000000 +0200 
@@ -0,0 +1,48 @@ +commit 8b4f60a7a113f4e9ae801dea88606f2663728f03 +Author: Matt Johnston <matt@ucc.asn.au> +Date: Thu Mar 21 00:09:07 2019 +0800 + + limit password length to 100 + +diff --git a/svr-authpasswd.c b/svr-authpasswd.c +index 69c7d8a..a4f3202 100644 +--- a/svr-authpasswd.c ++++ b/svr-authpasswd.c +@@ -65,7 +65,7 @@ void svr_auth_password(int valid_user) { + } + + password = buf_getstring(ses.payload, &passwordlen); +- if (valid_user) { ++ if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) { + /* the first bytes of passwdcrypt are the salt */ + passwdcrypt = ses.authstate.pw_passwd; + testcrypt = crypt(password, passwdcrypt); +@@ -80,6 +80,15 @@ void svr_auth_password(int valid_user) { + return; + } + ++ if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) { ++ dropbear_log(LOG_WARNING, ++ "Too-long password attempt for '%s' from %s", ++ ses.authstate.pw_name, ++ svr_ses.addrstring); ++ send_msg_userauth_failure(0, 1); ++ return; ++ } ++ + if (testcrypt == NULL) { + /* crypt() with an invalid salt like "!!" */ + dropbear_log(LOG_WARNING, "User account '%s' is locked", +diff --git a/sysoptions.h b/sysoptions.h +index 5bdb3e3..8648c4e 100644 +--- a/sysoptions.h ++++ b/sysoptions.h +@@ -86,6 +86,8 @@ + /* Required for pubkey auth */ + #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) + ++#define DROPBEAR_MAX_PASSWORD_LEN 100 ++ + #define SHA1_HASH_SIZE 20 + #define MD5_HASH_SIZE 16 + #define MAX_HASH_SIZE 64 /* sha512 */ diff -Nru dropbear-2018.76/debian/patches/series dropbear-2018.76/debian/patches/series --- dropbear-2018.76/debian/patches/series 2019-02-12 13:06:15.000000000 +0100 +++ dropbear-2018.76/debian/patches/series 2022-04-06 20:54:24.000000000 +0200 @@ -1,2 +1,3 @@ local-options.patch CVE-2018-15599.patch +CVE-2019-12953.patch
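Review bot: in the two svr-authpasswd.c hunks the fix relies on ordering, and that ordering is worth a comment in the patch header. The first hunk changes `if (valid_user)` to `if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN)`, so `crypt()` is skipped for an over-long password, and the second hunk adds `if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN)` after the `return;` that closes the earlier failure branch; the `<=` and `>` tests are complementary, so a valid user with an over-long password now takes the same cheap failure path as an unknown user, which is the whole point of the CVE fix. The new block must stay before `if (testcrypt == NULL)`, because `testcrypt` is no longer assigned on the over-long path and only the early `return` keeps the locked-account branch from reading it; a one-line comment above the new check ("must run before the testcrypt check") would protect that against a future rebase. Also confirm that `send_msg_userauth_failure(0, 1)` with the second argument set still counts the attempt toward the daemon's failed-login limit, so over-long probes are not free retries.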
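Review bot: the sysoptions.h hunk defines `DROPBEAR_MAX_PASSWORD_LEN 100` next to fixed constants such as `SHA1_HASH_SIZE`, not alongside the custom options that the 2018.76-5 changelog entry moves into localoptions.h, so an administrator with legitimate passwords longer than 100 bytes (the regression acknowledged under [ Risks ]) cannot raise the limit without patching the source. Suggest stating that in the d/changelog entry, e.g. "The 100-byte limit is compile-time and not configurable", or adding a short d/NEWS note, so the behaviour change in a stable update is discoverable.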
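The patch gives operators a new log line to watch: every rejected over-long password is logged as "Too-long password attempt for '%s' from %s". A burst of such warnings from one source against several usernames is the footprint of someone probing for the CVE-2019-12953 timing difference. The following detection script is an added example, not part of the bug report or of Dropbear; it assumes syslog-style lines with a `dropbear[pid]:` tag, assumes the "from" field is Dropbear's `addrstring` in `ip:port` form, and uses constructed sample lines and a constructed threshold of three distinct usernames.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

# Matches the warning added to svr-authpasswd.c by the CVE-2019-12953 fix:
#   "Too-long password attempt for '%s' from %s"
# Assumption: the line carries a syslog "dropbear[<pid>]:" tag in front of it.
TOO_LONG_RE = re.compile(
    r"dropbear\[\d+\]: Too-long password attempt for '(?P<user>[^']*)' from (?P<addr>\S+)"
)


def source_ip(addr: str) -> str:
    """Strip a trailing ':port' from Dropbear's addrstring.

    Assumption: addrstring is "ip:port" for both IPv4 and IPv6, with no
    brackets around an IPv6 address, so splitting on the last colon is enough.
    """
    host, sep, port = addr.rpartition(":")
    if sep and port.isdigit():
        return host
    return addr


def parse_too_long_attempts(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (username, source_ip) for every too-long-password warning found."""
    hits = []
    for line in lines:
        m = TOO_LONG_RE.search(line)
        if m:
            hits.append((m.group("user"), source_ip(m.group("addr"))))
    return hits


def attempts_per_source(hits: Iterable[Tuple[str, str]]) -> Dict[str, Counter]:
    """Group warnings by source IP; each value counts attempts per probed username."""
    per_ip: Dict[str, Counter] = defaultdict(Counter)
    for user, ip in hits:
        per_ip[ip][user] += 1
    return per_ip


def flag_enumeration(per_ip: Dict[str, Counter], min_users: int = 3) -> List[str]:
    """Source IPs that sent over-long passwords for at least `min_users` distinct
    usernames. Probing many names with a junk password is the enumeration pattern;
    the default threshold of 3 is a constructed example value, not a recommendation."""
    return sorted(ip for ip, users in per_ip.items() if len(users) >= min_users)


# Constructed sample log, modelled on Dropbear's message formats. The first
# three lines show one source cycling through usernames with over-long
# passwords; the remaining lines are ordinary noise from a second source.
SAMPLE_LOG = [
    "Apr  6 20:54:24 buster dropbear[1234]: Too-long password attempt for 'alice' from 192.0.2.10:51022",
    "Apr  6 20:54:25 buster dropbear[1234]: Too-long password attempt for 'bob' from 192.0.2.10:51023",
    "Apr  6 20:54:25 buster dropbear[1235]: Too-long password attempt for 'root' from 192.0.2.10:51024",
    "Apr  6 20:54:30 buster dropbear[1236]: Bad password attempt for 'alice' from 198.51.100.7:40001",
    "Apr  6 20:54:31 buster dropbear[1237]: Too-long password attempt for 'alice' from 198.51.100.7:40002",
    "Apr  6 20:54:32 buster dropbear[1238]: Password auth succeeded for 'alice' from 198.51.100.7:40003",
]


def analyze(lines: Iterable[str], min_users: int = 3) -> List[str]:
    """End-to-end helper: parse, aggregate and return the flagged source IPs."""
    return flag_enumeration(attempts_per_source(parse_too_long_attempts(lines)), min_users)


if __name__ == "__main__":
    per_ip = attempts_per_source(parse_too_long_attempts(SAMPLE_LOG))
    for ip, users in sorted(per_ip.items()):
        print(f"{ip}: {sum(users.values())} over-long attempts across {len(users)} user(s)")
    print("flagged:", analyze(SAMPLE_LOG))
```

Feeding `/var/log/auth.log` through `analyze()` gives a per-source view that complements a rate-based tool such as fail2ban: the same source hitting a single account is ordinary brute force, whereas one source spreading over-long passwords across many accounts is the username-enumeration pattern this update closes.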
Attachment:
signature.asc
Description: PGP signature