openssh bugs - Jan 2025 - [Bug 3771] New: Will future versions of openssh provide DDoS attack defense for the DH algorithm?:CVE-2024-41996

https://bugzilla.mindrot.org/show_bug.cgi?id=3771

            Bug ID: 3771
           Summary: Will future versions of openssh provide DDoS attack
                    defense for the DH algorithm?:CVE-2024-41996
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bty at mail.ustc.edu.cn

CVE-2024-41996:
Validating the order of the public keys in the Diffie-Hellman Key
Agreement Protocol, when an approved safe prime is used, allows remote
attackers (from the client side) to trigger unnecessarily expensive
server-side DHE modular-exponentiation calculations. The client may
cause asymmetric resource consumption. The basic attack scenario is
that the client must claim that it can only communicate with DHE, and
the server must be configured to allow DHE and validate the order of
the public key.

Historically, there have also been some implementation flaws can
seriously affect the effectiveness of the D(HE)at attack, such as
CVE-2002-20001,CVE-2022-40735.

What will openssh do to avoid dheater?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3771

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
The "noauth" penalty class in PerSourcePenalties should cover this
class of behaviour:
https://man.openbsd.org/sshd_config.5#PerSourcePenalties

The default penalty is 1 second, but you can increase it as desired.

PerSourcePenalties was introduced in OpenSSH 9.8.

Note that the Diffie-Helman algorithms have also been removed from the
default algorithm set in the development tree:
https://github.com/openssh/openssh-portable/commit/0051381a8c33740a77a1eca6859efa1c78887d80

This change has not yet made it into a released version, but will be in
the next major (ie 10.0) release.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.