bugzilla-daemon at mindrot.org
2024-Jan-13  06:49 UTC
[Bug 3656] New: How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
            Bug ID: 3656
           Summary: How to fix row hammer attacks?
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rmsh1216 at 163.com
A new vulnerability (CVE-2023-51767) in OpenSSH has been published, but
there seems to be no fix yet.
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51767
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jan-16  07:32 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This attack was not demonstrated against stock OpenSSH, but instead
against a modified sshd that had extra synchronisation added to make
the attack easier. AFAIK achieving the timing required to successfully
exploit is close to impossible in the real world. See section 9 of
their paper https://arxiv.org/pdf/2309.02545.pdf
They don't mention it, but any kind of ASLR would increase the
difficulty of attack by several orders of magnitude.
Nobody has demonstrated this attack against a configuration remotely
approximating real-world conditions. We consider rowhammer mitigation
to be the job of the platform, not userspace software.
bugzilla-daemon at mindrot.org
2024-May-06  02:42 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
renmingshuai <rmsh1216 at 163.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
bugzilla-daemon at mindrot.org
2024-May-14  18:23 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
Clint.Clayton at dell.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Clint.Clayton at dell.com
--- Comment #2 from Clint.Clayton at dell.com ---
This bug was set to resolved / fixed.
Was there a fix committed to the git repository?
I couldn't find one in https://anongit.mindrot.org/openssh.git/log
bugzilla-daemon at mindrot.org
2024-May-14  23:16 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
No, see comment 1 here
bugzilla-daemon at mindrot.org
2024-May-15  01:57 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
renmingshuai <rmsh1216 at 163.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
bugzilla-daemon at mindrot.org
2024-May-15  01:58 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
renmingshuai <rmsh1216 at 163.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |WONTFIX
bugzilla-daemon at mindrot.org
2024-Dec-02  01:24 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
bitianyuan <bty at mail.ustc.edu.cn> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bty at mail.ustc.edu.cn
--- Comment #4 from bitianyuan <bty at mail.ustc.edu.cn> ---
Hello, has this bug been fixed?
bugzilla-daemon at mindrot.org
2024-Dec-02  07:46 UTC
[Bug 3656] How to fix row hammer attacks?
https://bugzilla.mindrot.org/show_bug.cgi?id=3656
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
See comment 1