Re: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)

[jtb () THEO2 PHYSIK UNI-STUTTGART DE (Jochen Bauer)]

On Tue, Nov 16, 1999 at 11:30:16AM +0100, Oystein Viggen wrote:
> Blue Boar wrote:
>
> > <SNIP>
> > Debian is immune for the (somewhat messy) reasons that they do not link
> > ssh to rsaref, last time that I checked.
> > <SNIP>
>
> Does the fact that the international version of ssh from replay.com uses
> "internal rsaref" instead of the "external rsaref" in the US version make
> it immune to this attack too?
>
> The version is at least not as far as I can see externally linked to any
> rsaref library:
[...]

As the buffer overflow is not located in the rsaref library itself, one
cannot say that a particular version of sshd is vulnerable or not just
because of the libraries it has been linked with. 

The start of all trouble is in rsaglue.c, where a pointer to the fixed
length buffer input_data[MAX_RSA_MODULUS_LEN] in the function
rsa_private_decrypt is passed to gmp_to_rsaref. However, this piece of
code is only compiled in when "RSAREF" is defined during compilation time
(preprocessing time, to be precise), as it first deals with the conversion
of the encrypted session key from multiple precision integer format to 
some kind of format expected by the rsaref library functions before calling 
the actual decryption routine. The overflow then occurs in mpaux.c in the 
function "mp_linearize_msb_first".

If "RSAREF" is not defined because the rsaref library functions are not
used, the function "rsa_private_decrypt" compiled in in this case does not
make use of such a fixed length buffer.   

So, in summary one may say that if a binary is linked with a RSA 
implematation that uses the same interface as rsaref, the 
"rsa_private_decrypt" function which handles the conversion from multiple
precision integer to the "rsaref" format and uses the fixed length buffer
input_data[MAX_RSA_MODULUS_LEN] is compiled in, and therefore i expect
it to be vulnerable.   

--
Jochen Bauer

RUS Security Team (RUS-CERT)                                              
Computer Center of the University of Stuttgart                        
Germany
                                                               
************************************************************************ 
*Email: jtb () theo2 physik uni-stuttgart de                              *
*       jochen.bauer () rus uni-stuttgart de                              *
*                                                                      *
*PGP Public Key:                                                       *
*http://ca.uni-stuttgart.de:11371/pks/lookup?op=index&search=0xB5D92889*
************************************************************************ 

<!-- attachment="bin0a21189" -->
<HR>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>