Skip to content

Commit 75fb932

Browse files
manfred-kaisermanfred-kaiser
committed
updated vulnerabilities
1 parent 7a7014d commit 75fb932

File tree

7 files changed

+232
-7
lines changed

7 files changed

+232
-7
lines changed

doc/CVE-2016-20012.rst

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
CVE-2016-20012
2+
==============
3+
4+
.. raw:: html
5+
6+
<div class="card card-margin">
7+
<div class="card-header no-border">
8+
<h5 class="card-title cve-title">CVE-2016-20012</h5>
9+
</div>
10+
<div class="card-body pt-0">
11+
<div class="widget-49">
12+
<div class="widget-49-title-wrapper">
13+
<div class="widget-49-date-primary">
14+
<span class="widget-49-date-day">7.4</span>
15+
<span class="widget-49-date-month">CVSS</span>
16+
</div>
17+
<div class="widget-49-meeting-info">
18+
<span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
19+
<span class="widget-49-meeting-time">
20+
<a href="https://nvd.nist.gov/vuln/detail/CVE-2016-20012">https://nvd.nist.gov/vuln/detail/CVE-2016-20012</a>
21+
</span>
22+
</div>
23+
</div>
24+
<p class="widget-49-meeting-integration">
25+
<i class="fas fa-check"></i> integrated in <a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/authentication.py">SSH-MITM server</a>
26+
</p>
27+
<p class="widget-49-meeting-text">
28+
OpenSSH through 8.7 allows remote attackers, who have a suspicion that
29+
a certain combination of username and public key is known to an SSH server,
30+
to test whether this suspicion is correct. This occurs because a challenge is
31+
sent only when that combination could be valid for a login session.
32+
</p>
33+
<span class="widget-49-pro-title"><b>Affected Software:</b></span>
34+
<ul class="widget-49-meeting-points">
35+
<li class="widget-49-meeting-item"><b>OpenSSH</b> &lt;=8.7</li>
36+
</ul>
37+
</div>
38+
</div>
39+
</div>
40+
41+
42+
References
43+
----------
44+
45+
* https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265
46+
* https://github.com/openssh/openssh-portable/pull/270
47+
* https://rushter.com/blog/public-ssh-keys/
48+
* https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak

doc/CVE-2021-36367.rst

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
CVE-2021-36367
2+
==============
3+
4+
.. raw:: html
5+
6+
<div class="card card-margin">
7+
<div class="card-header no-border">
8+
<h5 class="card-title cve-title">CVE-2021-36367</h5>
9+
</div>
10+
<div class="card-body pt-0">
11+
<div class="widget-49">
12+
<div class="widget-49-title-wrapper">
13+
<div class="widget-49-date-primary">
14+
<span class="widget-49-date-day">8.1</span>
15+
<span class="widget-49-date-month">CVSS</span>
16+
</div>
17+
<div class="widget-49-meeting-info">
18+
<span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</span>
19+
<span class="widget-49-meeting-time">
20+
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36367">https://nvd.nist.gov/vuln/detail/CVE-2021-36367</a>
21+
</span>
22+
</div>
23+
</div>
24+
<p class="widget-49-meeting-integration">
25+
<i class="fas fa-check"></i> integrated in SSH-MITM server
26+
</p>
27+
<p class="widget-49-meeting-text">
28+
<b>Note: MITRE's description is wrong. Please read note bellow.</b></br>
29+
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
30+
This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt
31+
(that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
32+
</p>
33+
<span class="widget-49-pro-title"><b>Affected Software:</b></span>
34+
<ul class="widget-49-meeting-points">
35+
<li class="widget-49-meeting-item"><b>PuTTY</b> &lt; 0.71</li>
36+
</ul>
37+
</div>
38+
</div>
39+
</div>
40+
41+
.. note::
42+
43+
**Comment from Simon Tatham:**
44+
45+
CVE-2021-36367 refers to this new option as a fix for a vulnerability, and describes the vulnerability
46+
as "PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive
47+
authentication response". With respect to the author of that text, we consider that to be misleading.
48+
It is perfectly legal for the server to waive authentication, and actually useful in some legitimate use cases;
49+
it is perfectly legal for PuTTY to proceed with the connection regardless; and the trust sigil system introduced
50+
in 0.71 already defends against every spoofing attack we know of that a server could attempt by doing this unexpectedly.
51+
This new option is a UI improvement, but not in and of itself a vital vulnerability fix.
52+
53+
54+
References
55+
----------
56+
57+
* https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
58+
* https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

doc/CVE-2021-36368.rst

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
CVE-2021-36368
2+
==============
3+
4+
.. raw:: html
5+
6+
<div class="card card-margin">
7+
<div class="card-header no-border">
8+
<h5 class="card-title cve-title">CVE-2021-36368</h5>
9+
</div>
10+
<div class="card-body pt-0">
11+
<div class="widget-49">
12+
<div class="widget-49-title-wrapper">
13+
<div class="widget-49-date-primary">
14+
<span class="widget-49-date-day">N/A</span>
15+
<span class="widget-49-date-month">CVSS</span>
16+
</div>
17+
<div class="widget-49-meeting-info">
18+
<span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
19+
<span class="widget-49-meeting-time">
20+
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36368">https://nvd.nist.gov/vuln/detail/CVE-2021-36368</a>
21+
</span>
22+
</div>
23+
</div>
24+
<p class="widget-49-meeting-integration">
25+
<i class="fas fa-check"></i> integrated in SSH-MITM server
26+
</p>
27+
<p class="widget-49-meeting-text">
28+
This CVE is marked as reserved.
29+
</p>
30+
<span class="widget-49-pro-title"><b>Affected Software:</b></span>
31+
<ul class="widget-49-meeting-points">
32+
<li class="widget-49-meeting-item"><b>OpenSSHH</b> &lt;= 8.7</li>
33+
</ul>
34+
</div>
35+
</div>
36+
</div>

doc/CVE-2021-36369.rst

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
CVE-2021-36369
2+
==============
3+
4+
.. raw:: html
5+
6+
<div class="card card-margin">
7+
<div class="card-header no-border">
8+
<h5 class="card-title cve-title">CVE-2021-36369</h5>
9+
</div>
10+
<div class="card-body pt-0">
11+
<div class="widget-49">
12+
<div class="widget-49-title-wrapper">
13+
<div class="widget-49-date-primary">
14+
<span class="widget-49-date-day">N/A</span>
15+
<span class="widget-49-date-month">CVSS</span>
16+
</div>
17+
<div class="widget-49-meeting-info">
18+
<span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
19+
<span class="widget-49-meeting-time">
20+
<a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36369">https://nvd.nist.gov/vuln/detail/CVE-2021-36369</a>
21+
</span>
22+
</div>
23+
</div>
24+
<p class="widget-49-meeting-integration">
25+
<i class="fas fa-check"></i> integrated in SSH-MITM server
26+
</p>
27+
<p class="widget-49-meeting-text">
28+
This CVE is marked as reserved.
29+
</p>
30+
<span class="widget-49-pro-title"><b>Affected Software:</b></span>
31+
<ul class="widget-49-meeting-points">
32+
<li class="widget-49-meeting-item"><b>Dropbear</b> &lt;= 2020.81</li>
33+
</ul>
34+
</div>
35+
</div>
36+
</div>

doc/_templates/includes/sidebar.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
</div>
1313

1414
{% block menu %}
15-
{% set theTocTree = toctree(maxdepth=2)
15+
{% set theTocTree = toctree(maxdepth=1)
1616
| replace('<p class="caption"><span class="caption-text">Contents:</span></p>', "")
1717
| replace("toctree-l1", "toctree-l1 toctree-item") %}
1818
{{theTocTree}}

doc/ssh_vulnerabilities.rst

Lines changed: 37 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,21 +2,52 @@ SSH Vurnabilities
22
===================
33

44

5-
65
.. toctree::
76
:maxdepth: 1
8-
:caption: CVE List
7+
:caption: OpenSSH
98

10-
CVE-2021-36370
11-
CVE-2021-33500
9+
CVE-2016-20012
10+
CVE-2021-36368
1211
CVE-2021-28041
1312
CVE-2020-15778
1413
CVE-2020-14145
15-
CVE-2020-14002
1614
CVE-2019-6111
1715
CVE-2019-6110
1816
CVE-2019-6109
1917
CVE-2018-20685
2018
CVE-2018-15919
21-
CVE-2018-15599
2219
CVE-2018-15473
20+
21+
22+
.. toctree::
23+
:maxdepth: 1
24+
:caption: PuTTY
25+
26+
CVE-2021-36367
27+
CVE-2021-33500
28+
CVE-2020-14002
29+
30+
31+
.. toctree::
32+
:maxdepth: 1
33+
:caption: Dropbear
34+
35+
CVE-2021-36369
36+
CVE-2018-15599
37+
38+
39+
.. toctree::
40+
:maxdepth: 1
41+
:caption: WinSCP
42+
43+
CVE-2019-6111
44+
CVE-2019-6110
45+
CVE-2019-6109
46+
CVE-2018-20685
47+
48+
49+
.. toctree::
50+
:maxdepth: 1
51+
:caption: Midnight Commander
52+
53+
CVE-2021-36370

ssh_proxy_server/data/client_vulnerabilities.yml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,8 @@
11
putty_release:
2+
CVE-2021-36367:
3+
version_max: 0.71
4+
cvss: N/A
5+
docs: true
26
CVE-2021-33500:
37
version_min:
48
version_max: 0.74
@@ -10,6 +14,14 @@ putty_release:
1014
cvss: 4.3
1115
docs: true
1216
openssh:
17+
CVE-2016-20012:
18+
version_max: 8.7
19+
cvss: N/A
20+
docs: true
21+
CVE-2021-36368:
22+
version_max: 8.7
23+
cvss: N/A
24+
docs: true
1325
CVE-2021-28041:
1426
version_min: 8.2
1527
version_max: 8.4
@@ -76,6 +88,10 @@ openssh:
7688
version_max: 7.3
7789
cvss: 7.5
7890
dropbear:
91+
CVE-2021-36369:
92+
version_max: 2020.81
93+
cvss: N/A
94+
docs: true
7995
CVE-2018-15599:
8096
version_max: 2018.76
8197
cvss: 5.0

0 commit comments

Comments
 (0)