Date: Tue, 16 Apr 2024 06:39:51 GMT Message-Id: <202404160639.43G6dpEA046248@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org 
From: Matthias Andree Subject: git: be65d14cbffe - main - security/vuxml: document PuTTY/FileZilla NIST P521 private key recovery List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: be65d14cbffe5c0a135e330a8544831057b7e7cd Auto-Submitted: auto-generated The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=be65d14cbffe5c0a135e330a8544831057b7e7cd commit be65d14cbffe5c0a135e330a8544831057b7e7cd Author: Matthias Andree AuthorDate: 2024-04-16 06:38:21 +0000 Commit: Matthias Andree CommitDate: 2024-04-16 06:38:49 +0000 security/vuxml: document PuTTY/FileZilla NIST P521 private key recovery Security: 080936ba-fbb7-11ee-abc8-6960f2492b1d Security: CVE-2024-31497 --- security/vuxml/vuln/2024.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 3998dd2adcff..b9a1df0e5a5f 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -75,6 +75,69 @@ + + PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key + + + putty + 0.680.81 + + + putty-nogtk + 0.680.81 + + + filezilla + 3.67.0 + + + + +

Simon Tatham reports:

+
+

ECDSA signatures using 521-bit keys (the NIST P521 curve, + otherwise known as ecdsa-sha2-nistp521) were generated with biased + random numbers. This permits an attacker in possession of a few + dozen signatures to RECOVER THE PRIVATE KEY.

+

Any 521-bit ECDSA private key that PuTTY or Pageant has used to + sign anything should be considered compromised.

+

Additionally, if you have any 521-bit ECDSA private keys that + you've used with PuTTY, you should consider them to be + compromised: generate new keys, and remove the old public keys + from any authorized_keys files.

+
+
+

+ A second, independent scenario is that the adversary is an operator + of an SSH server to which the victim authenticates (for remote login + or file copy), [...] and the victim uses the same private key for + SSH connections to other services operated by other entities. Here, + the rogue server operator (who would otherwise have no way to + determine the victim's private key) can derive the victim's private + key, and then use it for unauthorized access to those other + services. If the other services include Git services, then again it + may be possible to conduct supply-chain attacks on software + maintained in Git. This also affects, for example, FileZilla before + 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and + TortoiseSVN through 1.14.6. +

+
+ +
+ + CVE-2024-31497 + https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html + https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html + https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git + https://filezilla-project.org/versions.php + https://nvd.nist.gov/vuln/detail/CVE-2024-31497 + + + 2024-04-01 + 2024-04-16 + +
+ electron{27,28} -- Out of bounds memory access in V8
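Review bot: the filezilla affected range carries only an upper bound (it reads as "below 3.67.0" once the stripped range tags are restored), while putty and putty-nogtk are bounded on both sides (0.68 up to but not including 0.81). FileZilla inherits this bug only through the embedded PuTTY code, so either add the matching lower bound for the first FileZilla release that shipped the affected code, or keep the open range deliberately and say so in the commit message, since an open range flags every older FileZilla package as vulnerable in pkg audit. Two smaller points on the topic line: "f.i." reads more naturally as "e.g.", and the curve is normally written "NIST P-521" (the SSH algorithm name ecdsa-sha2-nistp521 in the same line is correct as is).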