summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2012-11-27 14:13:21 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2012-11-28 07:41:26 +0000
commitb629d940304ec65c2d799e0aa44d03562a784bd6 (patch)
tree2832168b5944ceb31705266a585841283ff6e57f /meta
parent8d1aed5dd236a82da9caae6c486c5165cd877d85 (diff)
downloadpoky-b629d940304ec65c2d799e0aa44d03562a784bd6.tar.gz
openssh: CVE-2011-4327
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] (From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch27
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.0p1.bb3
2 files changed, 29 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
new file mode 100644
index 0000000000..8489edcc82
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
@@ -0,0 +1,27 @@
1openssh-CVE-2011-4327
2
3A security flaw was found in the way ssh-keysign,
4a ssh helper program for host based authentication,
5attempted to retrieve enough entropy information on configurations that
6lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
7be executed to retrieve the entropy from the system environment).
8A local attacker could use this flaw to obtain unauthorized access to host keys
9via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
10
11https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
12http://www.openssh.com/txt/portable-keysign-rand-helper.adv
13
14Signed-off-by: Li Wang <li.wang@windriver.com>
15--- a/ssh-keysign.c
16+++ b/ssh-keysign.c
17@@ -170,6 +170,10 @@
18 key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
19 key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
20 key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
21+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
22+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
23+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
24+ fatal("fcntl failed");
25
26 original_real_uid = getuid(); /* XXX readconf.c needs this */
27 if ((pw = getpwuid(original_real_uid)) == NULL)
diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
index 31202d4284..df77040099 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
7LICENSE = "BSD" 7LICENSE = "BSD"
8LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" 8LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
9 9
10PR = "r3" 10PR = "r4"
11 11
12DEPENDS = "zlib openssl" 12DEPENDS = "zlib openssl"
13DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" 13DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
23 file://sshd_config \ 23 file://sshd_config \
24 file://ssh_config \ 24 file://ssh_config \
25 file://init \ 25 file://init \
26 file://openssh-CVE-2011-4327.patch \
26 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" 27 ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
27 28
28PAM_SRC_URI = "file://sshd" 29PAM_SRC_URI = "file://sshd"