From f248bab6fd271211b3cadd22b90fba3fb313052c4c38fe6b8ca89a693092044c Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Thu, 13 Sep 2007 16:53:57 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=10
---
...-4.6p1-untrusted-cookie-CVE-2007-4752.diff | 45 +++++++++++++++++++
openssh-askpass-gnome.spec | 2 +-
openssh.changes | 5 +++
openssh.spec | 6 ++-
4 files changed, 56 insertions(+), 2 deletions(-)
create mode 100644 openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff
diff --git a/openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff b/openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff
new file mode 100644
index 0000000..3bf391b
--- /dev/null
+++ b/openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff
@@ -0,0 +1,45 @@
+--- clientloop.c
++++ clientloop.c
+@@ -290,19 +290,29 @@
+ generated = 1;
+ }
+ }
+- snprintf(cmd, sizeof(cmd),
+- "%s %s%s list %s 2>" _PATH_DEVNULL,
+- xauth_path,
+- generated ? "-f " : "" ,
+- generated ? xauthfile : "",
+- display);
+- debug2("x11_get_proto: %s", cmd);
+- f = popen(cmd, "r");
+- if (f && fgets(line, sizeof(line), f) &&
+- sscanf(line, "%*s %511s %511s", proto, data) == 2)
+- got_data = 1;
+- if (f)
+- pclose(f);
++
++ /*
++ * When in untrusted mode, we read the cookie only if it was
++ * successfully generated as an untrusted one in the step
++ * above.
++ */
++ if (trusted || generated) {
++ snprintf(cmd, sizeof(cmd),
++ "%s %s%s list %s 2>" _PATH_DEVNULL,
++ xauth_path,
++ generated ? "-f " : "" ,
++ generated ? xauthfile : "",
++ display);
++ debug2("x11_get_proto: %s", cmd);
++ f = popen(cmd, "r");
++ if (f && fgets(line, sizeof(line), f) &&
++ sscanf(line, "%*s %511s %511s", proto, data) == 2)
++ got_data = 1;
++ if (f)
++ pclose(f);
++ } else
++ error("Warning: untrusted X11 forwarding setup failed: "
++ "xauth key data not generated");
+ }
+
+ if (do_unlink) {
diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec
index 3aa7b65..4962c03 100644
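Review bot: Inside the new `if (trusted || generated)` block the `snprintf` into `cmd` is still unchecked, so an over-long `xauth_path`, `xauthfile` or `display` would hand `popen` a silently truncated shell command, and all three are interpolated unquoted. Because this path selects the cookie that gets forwarded, I would fail closed on truncation: keep the return value in a local such as `r` and guard the `popen` with `if (r < 0 || (size_t)r >= sizeof(cmd))`, reporting through `error()` and leaving `got_data` at 0. Whether `display` is validated before it reaches this point is not visible in the hunk, so that should be confirmed in the code above it. A smaller style point: the `} else` arm holds an unbraced two-line `error(...)` call next to a braced `if`; bracing it would keep a later added statement from falling outside the branch. The enclosing function starts and ends outside the hunk.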
--- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -15,7 +15,7 @@ BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev License: BSD 3-Clause Group: Productivity/Networking/SSH Version: 4.6p1 -Release: 53 +Release: 60 Requires: openssh = %{version} openssh-askpass = %{version} Autoreqprov: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH diff --git a/openssh.changes b/openssh.changes index 8121236..d76f5a6 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz + +- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] + ------------------------------------------------------------------- Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz diff --git a/openssh.spec b/openssh.spec index a6cc80e..1a11d39 100644 --- a/openssh.spec +++ b/openssh.spec @@ -29,7 +29,7 @@ PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_pr Conflicts: nonfreessh Autoreqprov: on Version: 4.6p1 -Release: 47 +Release: 53 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) URL: http://www.openssh.com/ @@ -64,6 +64,7 @@ Patch42: %{name}-gssapi_krb5-fix.patch Patch43: %{name}-%{version}-default-protocol.diff Patch44: %{name}-%{version}-audit.patch Patch45: %{name}-%{version}-challenge.patch +Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %package askpass Summary: A passphrase dialog for OpenSSH and the X Window System @@ -155,6 +156,7 @@ Authors: %patch43 %patch44 -p1 %patch45 +%patch46 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} 
@@ -298,6 +300,8 @@ rm -rf $RPM_BUILD_ROOT %config %_appdefdir/SshAskpass %changelog +* Thu Sep 13 2007 - nadvornik@suse.cz +- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] * Tue Aug 28 2007 - anicka@suse.cz - fix blocksigalrm patch to set old signal mask after writing the log in every case [#304819]