=========================================================== == Subject: Potential NULL dereference during rekeying == with algorithm guessing == == CVE ID#: CVE-2023-1667 == == Versions: (0.9.1 - 0.9.6) and (0.10.0 - 0.10.4) == == Summary: The server can crash when the client initiates == rekeying with `first_kex_packet_follows` flag == in KEXINIT message). =========================================================== =========== Description =========== Malicious client can initiate rekeying with algorithm guessing with `first_kex_packet_follows` flag in KEXINIT message (see Section 7.1 in RFC4253 [1]). This technique is used more with the initial key exchange, where it can save one round trip (if the client guess was right), but it is not widely implemented and used by SSH clients. Given that the guessing was implemented only partially and the state tracking the KEXINIT message was implemented only using presence of the methods fields, the client could trigger NULL dereference, causing the server crash causing DoS for the connection. If the server is implemented using threads, it might cause DoS for other connections. This is post-authentication exploit so the attacker needs to have valid authentication credentials on the server to successfully exploit this vulnerability. [1] https://www.rfc-editor.org/rfc/rfc4253#section-7.1 ================== Patch Availability ================== Patches addressing the issues have been posted to: https://www.libssh.org/security/ Additionally, libssh 0.10.5 and 0.9.7 have been issued as security releases to correct the defect. SSH administrators are advised to upgrade to these releases or apply the patch as soon as possible. ================== CVSSv3 calculation ================== CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (4.3) ========== Workaround ========== Using fork()-based server will make this self-DoS with no effect on other users. For thread-based servers, no workaround is available. ======= Credits ======= Originally reported by Philip Turnbull from GitHub Security Lab (GHSL). Patches provided by Jakub Jelen of the libssh team. ========================================================== == The libssh team ==========================================================