Privilege escalation vulnerability detected on ssh

Post Reply
joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Fri Feb 08, 2019 1:02 pm

I installed Bitdefender Home Scanner on a Windows machine I have. It listed my Odroid-c1 as POTENTIALLY AT RISK.

The vulnerabilities listed are:
* HIGH - Privilege escalation vulnerability detected on ssh
* HIGH - Denial of Service vulnerability detected on ssh
* MEDIUM - Vulnerability detected on ssh
* MEDIUM - Sensitive data access vulnerability detected on ssh

No other useful details are provided.

Ubuntu 16.04 (minimal)
Linux odroid 3.10.107-192 #1 SMP PREEMPT Mon Feb 12 04:14:36 UTC 2018 armv7l armv7l armv7l GNU/Linux
3.10.107-192 #1 SMP PREEMPT Mon Feb 12 04:14:36 UTC 2018

I followed the directions here to update: https://wiki.odroid.com/odroid-c1/os_images/ubuntu/v2.2

User avatar
rooted
Posts: 6435
Joined: Fri Dec 19, 2014 9:12 am
languages_spoken: english
Location: Gulf of Mexico, US
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by rooted » Fri Feb 08, 2019 1:45 pm

This is not Odroid specific, it's just the version of ssh on Ubuntu.

Thanks for the information though.

User avatar
mad_ady
Posts: 5398
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by mad_ady » Fri Feb 08, 2019 4:01 pm

Some CVE numbers would have helped. Try running sudo apt-get dist-upgrade

joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Fri Feb 08, 2019 4:07 pm

rooted wrote:
Fri Feb 08, 2019 1:45 pm
This is not Odroid specific, it's just the version of ssh on Ubuntu.
I installed openssh-server on another desktop to check this. Also had the same issues.

What is an alternative?

joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Fri Feb 08, 2019 4:08 pm

mad_ady wrote:
Fri Feb 08, 2019 4:01 pm
Some CVE numbers would have helped. Try running sudo apt-get dist-upgrade
Ya I agree. The Bitdefender Home Scanner doesn't provide these. I wonder what it is detecting as a vulnerability.

No changes with sudo apt-get dist-upgrade

User avatar
mad_ady
Posts: 5398
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by mad_ady » Fri Feb 08, 2019 4:18 pm

Well, nessus is an industry standard when it comes to vulnerability detection. You may want to give it a try. It should give you a detailed report, though I'm not sure if it can work unlicensed.

The fis should come from canonical, but if upstream openssh is fixed and ubuntu's isn't, you can recompile the upstream version yourself.

It may be worth it if you're running the odroid in a security hardened environment. If it's just your lan, the risks should be low.

joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Fri Feb 08, 2019 4:28 pm

mad_ady wrote:
Fri Feb 08, 2019 4:18 pm
Well, nessus is an industry standard when it comes to vulnerability detection. You may want to give it a try. It should give you a detailed report, though I'm not sure if it can work unlicensed.
I'm just scanning my home network. So I am looking for something in the free category.
mad_ady wrote:
Fri Feb 08, 2019 4:18 pm
If it's just your lan, the risks should be low.
It is on my home network, but I have this port exposed to the internet, so it's a potential entry point into my home network.

User avatar
meveric
Posts: 9761
Joined: Mon Feb 25, 2013 2:41 pm
languages_spoken: german, english
ODROIDs: X2, U2, U3, XU-Lite, XU3, XU3-Lite, C1, XU4, C2, C1+, XU4Q, HC1, N1, Go
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by meveric » Fri Feb 08, 2019 6:00 pm

Today there was an security update for SSH on Ubuntu 16.04. so maybe these issues have been fixed with that.

Code: Select all

openssh (1:7.2p2-4ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 31 Jan 2019 09:03:12 -0500
Also, some scanners only compare "versions" and known security issues in a version of an application, means that openssh 7.2p2 may have known issues which are listed by Bitdefender, while Ubuntu currently uses 7.2p2-4ubuntu2.7 which has several security patches applied but still openssh advertises it's version as 7.2p2.
Not sure if that's the case with BitDefender, but it's a cheap and easy way to check for security issues, rather than actually probing for the issue itself (which may take HOURS to confirm).
Donate to support my work on the ODROID GameStation Turbo Image for U2/U3 XU3/XU4 X2 X C1 as well as many other releases.
Check out the Games and Emulators section to find some of my work or check the files in my repository to find the software i build for ODROIDs.
If you want to add my repository to your image read my HOWTO integrate my repo into your image.

User avatar
mad_ady
Posts: 5398
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, N1, H2, N2
Location: Bucharest, Romania
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by mad_ady » Fri Feb 08, 2019 6:43 pm

The scp issue still needed a valid (unprivileged account) on the system to exploit. But glad fixes were pushed.

joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Tue Feb 12, 2019 6:26 am


User avatar
meveric
Posts: 9761
Joined: Mon Feb 25, 2013 2:41 pm
languages_spoken: german, english
ODROIDs: X2, U2, U3, XU-Lite, XU3, XU3-Lite, C1, XU4, C2, C1+, XU4Q, HC1, N1, Go
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by meveric » Tue Feb 12, 2019 4:26 pm

joelnet wrote:
Tue Feb 12, 2019 6:26 am
It is my guess that this issue is due to: Vulnerability Scanners returning false positives due to backporting
Which is exactly what I said ;)
Donate to support my work on the ODROID GameStation Turbo Image for U2/U3 XU3/XU4 X2 X C1 as well as many other releases.
Check out the Games and Emulators section to find some of my work or check the files in my repository to find the software i build for ODROIDs.
If you want to add my repository to your image read my HOWTO integrate my repo into your image.

joelnet
Posts: 23
Joined: Thu Mar 19, 2015 5:16 am
languages_spoken: english
ODROIDs: C1
Contact:

Re: Privilege escalation vulnerability detected on ssh

Unread post by joelnet » Wed Feb 13, 2019 8:04 am

meveric wrote:
Tue Feb 12, 2019 4:26 pm
joelnet wrote:
Tue Feb 12, 2019 6:26 am
It is my guess that this issue is due to: Vulnerability Scanners returning false positives due to backporting
Which is exactly what I said ;)
Just agreeing with you :)

Post Reply

Return to “Issues”

Who is online

Users browsing this forum: No registered users and 2 guests