summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--deattack.c26
-rw-r--r--deattack.h1
-rw-r--r--debian/changelog9
-rw-r--r--packet.c13
4 files changed, 43 insertions, 6 deletions
diff --git a/deattack.c b/deattack.c
index 8b55d6686..d174abc76 100644
--- a/deattack.c
+++ b/deattack.c
@@ -27,6 +27,24 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/09/18 08:49:45 markus Exp $");
27#include "xmalloc.h" 27#include "xmalloc.h"
28#include "deattack.h" 28#include "deattack.h"
29 29
30/*
31 * CRC attack detection has a worst-case behaviour that is O(N^3) over
32 * the number of identical blocks in a packet. This behaviour can be
33 * exploited to create a limited denial of service attack.
34 *
35 * However, because we are dealing with encrypted data, identical
36 * blocks should only occur every 2^35 maximally-sized packets or so.
37 * Consequently, we can detect this DoS by looking for identical blocks
38 * in a packet.
39 *
40 * The parameter below determines how many identical blocks we will
41 * accept in a single packet, trading off between attack detection and
42 * likelihood of terminating a legitimate connection. A value of 32
43 * corresponds to an average of 2^40 messages before an attack is
44 * misdetected
45 */
46#define MAX_IDENTICAL 32
47
30/* SSH Constants */ 48/* SSH Constants */
31#define SSH_MAXBLOCKS (32 * 1024) 49#define SSH_MAXBLOCKS (32 * 1024)
32#define SSH_BLOCKSIZE (8) 50#define SSH_BLOCKSIZE (8)
@@ -87,7 +105,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
87 static u_int16_t *h = (u_int16_t *) NULL; 105 static u_int16_t *h = (u_int16_t *) NULL;
88 static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; 106 static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
89 u_int32_t i, j; 107 u_int32_t i, j;
90 u_int32_t l; 108 u_int32_t l, same;
91 u_char *c; 109 u_char *c;
92 u_char *d; 110 u_char *d;
93 111
@@ -133,17 +151,21 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
133 if (IV) 151 if (IV)
134 h[HASH(IV) & (n - 1)] = HASH_IV; 152 h[HASH(IV) & (n - 1)] = HASH_IV;
135 153
136 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { 154 for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
137 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; 155 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
138 i = (i + 1) & (n - 1)) { 156 i = (i + 1) & (n - 1)) {
139 if (h[i] == HASH_IV) { 157 if (h[i] == HASH_IV) {
140 if (!CMP(c, IV)) { 158 if (!CMP(c, IV)) {
159 if (++same > MAX_IDENTICAL)
160 return (DEATTACK_DOS_DETECTED);
141 if (check_crc(c, buf, len, IV)) 161 if (check_crc(c, buf, len, IV))
142 return (DEATTACK_DETECTED); 162 return (DEATTACK_DETECTED);
143 else 163 else
144 break; 164 break;
145 } 165 }
146 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { 166 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
167 if (++same > MAX_IDENTICAL)
168 return (DEATTACK_DOS_DETECTED);
147 if (check_crc(c, buf, len, IV)) 169 if (check_crc(c, buf, len, IV))
148 return (DEATTACK_DETECTED); 170 return (DEATTACK_DETECTED);
149 else 171 else
diff --git a/deattack.h b/deattack.h
index ddccdea50..cd3d7aa3b 100644
--- a/deattack.h
+++ b/deattack.h
@@ -25,6 +25,7 @@
25/* Return codes */ 25/* Return codes */
26#define DEATTACK_OK 0 26#define DEATTACK_OK 0
27#define DEATTACK_DETECTED 1 27#define DEATTACK_DETECTED 1
28#define DEATTACK_DOS_DETECTED 2
28 29
29int detect_attack(u_char *, u_int32_t, u_char[8]); 30int detect_attack(u_char *, u_int32_t, u_char[8]);
30#endif 31#endif
diff --git a/debian/changelog b/debian/changelog
index 5e321f09b..705a61580 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,16 @@
1openssh (1:4.3p2-4) UNRELEASED; urgency=low 1openssh (1:4.3p2-4) UNRELEASED; urgency=high
2
3 * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
4 patch yet):
5 - CVE-2006-4924: Fix a pre-authentication denial of service found by
6 Tavis Ormandy, that would cause sshd(8) to spin until the login grace
7 time expired (closes: #389995).
2 8
3 * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël 9 * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël
4 Hertzog; closes: #369395). 10 Hertzog; closes: #369395).
5 * Remove no-longer-used ssh/insecure_rshd debconf template. 11 * Remove no-longer-used ssh/insecure_rshd debconf template.
6 * Make ssh/insecure_telnetd Type: error (closes: #388946). 12 * Make ssh/insecure_telnetd Type: error (closes: #388946).
13
7 * debconf template translations: 14 * debconf template translations:
8 - Update Portuguese (thanks, Rui Branco; closes: #381942). 15 - Update Portuguese (thanks, Rui Branco; closes: #381942).
9 - Update Spanish (thanks, Javier Fernández-Sanguino Peña; 16 - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
diff --git a/packet.c b/packet.c
index 3208383e8..827ae16b3 100644
--- a/packet.c
+++ b/packet.c
@@ -992,9 +992,16 @@ packet_read_poll1(void)
992 * (C)1998 CORE-SDI, Buenos Aires Argentina 992 * (C)1998 CORE-SDI, Buenos Aires Argentina
993 * Ariel Futoransky(futo@core-sdi.com) 993 * Ariel Futoransky(futo@core-sdi.com)
994 */ 994 */
995 if (!receive_context.plaintext && 995 if (!receive_context.plaintext) {
996 detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED) 996 switch (detect_attack(buffer_ptr(&input), padded_len, NULL)) {
997 packet_disconnect("crc32 compensation attack: network attack detected"); 997 case DEATTACK_DETECTED:
998 packet_disconnect("crc32 compensation attack: "
999 "network attack detected");
1000 case DEATTACK_DOS_DETECTED:
1001 packet_disconnect("deattack denial of "
1002 "service detected");
1003 }
1004 }
998 1005
999 /* Decrypt data to incoming_packet. */ 1006 /* Decrypt data to incoming_packet. */
1000 buffer_clear(&incoming_packet); 1007 buffer_clear(&incoming_packet);