bugzilla-daemon at mindrot.org
2024-May-28 03:14 UTC
[Bug 3694] New: Which patch fixes the CanonicalizeHostname vulnerability?
https://bugzilla.mindrot.org/show_bug.cgi?id=3694
Bug ID: 3694
Summary: Which patch fixes the CanonicalizeHostname
vulnerability?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
As it is written in the
security(https://www.openssh.com/security.html):
February 2, 2023
ssh(1) in OpenSSH between and 6.5 and 9.1 (inclusive).
ssh(1) failed to check DNS names returned from libc for validity.
If the CanonicalizeHostname and CanonicalizePermittedCNAMEs options
were enabled, and the system/libc resolver did not check that names in
DNS responses were valid, then use of these options could allow an
attacker with control of DNS to include invalid characters (possibly
including wildcards) in names added to known_hosts files when they were
updated. These names would still have to match the
CanonicalizePermittedCNAMEs allow-list, so practical exploitation
appears unlikely.
This bug is corrected in OpenSSH 9.2.
But I do not find the fix patch, please let me know, thanks a lot.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-28 08:10 UTC
[Bug 3694] Which patch fixes the CanonicalizeHostname vulnerability?
https://bugzilla.mindrot.org/show_bug.cgi?id=3694
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It's this one:
https://github.com/openssh/openssh-portable/commit/445363433ba20b8a3e655
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.