Bug 920167 - (CVE-2015-2157) VUL-0: CVE-2015-2157: PuTTY fails to clear private key information from memory
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware / OS: Other / openSUSE 13.1
Priority / Severity: P3 - Medium / Normal
Assigned To: Jan Engelhardt
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/114353/
Reported: 2015-03-02 09:35 UTC by Marcus Meissner
Modified: 2015-03-11 12:10 UTC
Found By: Security Response Team
Description Marcus Meissner 2015-03-02 09:35:17 UTC
CVE-2015-2157

CVE Request: PuTTY fails to clear private key information from memory

summary: Failure to scrub private keys from memory after use
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.63
fixed-in: 0.64

When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed during SSH login; other examples include obsolete session keys, public-key passphrases, and the private halves of public keys.

PuTTY 0.63 and earlier versions, after loading a private key from a disk file, mistakenly leak a memory buffer containing a copy of the private key, in the function ssh2_load_userkey. The companion function ssh2_save_userkey (only called by PuTTYgen) can also leak a copy, but only in the case where the file it tried to save to could not be created.

This applies to SSH-2 private keys only. It affects all tools in the PuTTY suite which load or save private keys: PuTTY, Plink, PSCP, PSFTP, Pageant and PuTTYgen. If any of those programs loads a private key directly (rather than getting a signature from an SSH agent such as Pageant) then they will have left information equivalent to the private key in memory for their entire run.

(Of course, in Pageant's case, its job is to retain decrypted private keys in memory, so this may not be so important. However, if you ever told Pageant to delete a key from memory, it would not have properly deleted it: it would still have retained a copy by mistake due to this bug.)

PuTTY 0.64 fixes this bug in all the tools.

However, it is still unavoidably very dangerous if malicious software is in a position to read the memory of your PuTTY processes: there is still a lot of sensitive data in there which cannot be wiped because it's still being used, e.g. session keys. And, as mentioned above, Pageant retains decrypted private keys in memory for long periods on purpose if you use it. So this fix somewhat mitigates the risks of malicious access to your PuTTY processes' memory, but no fix can eliminate those risks completely.

This issue is distinct from private-key-not-wiped, which was in a different part of the code and was fixed in 0.63.

This bug has been assigned CVE ID CVE-2015-2157.

Thanks to Patrick Coleman for spotting this issue and sending a patch.

Audit trail for this vulnerability.

References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html

http://seclists.org/oss-sec/2015/q1/712
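The advisory above describes a loader that decodes a key into a temporary copy and then fails to dispose of that copy. As an added illustration (not PuTTY's source, and not the actual ssh2_load_userkey code), the C below shows that shape beside a version that wipes the copy on every exit path; the helper names `secure_wipe`, `load_key_leaky`, `load_key_fixed` and `scratch_wiped_after`, and the sample key bytes, are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Zero through a volatile pointer so the compiler cannot drop the writes as
 * dead stores ahead of free(). Hypothetical helper in the spirit of PuTTY's
 * smemclr; not PuTTY's own source. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}
/* Constructed stand-in for the decrypted bytes of a key file. */
static const unsigned char SAMPLE_KEY[] = "constructed-private-key-bytes";
#define SAMPLE_LEN sizeof(SAMPLE_KEY)

/* Shape of the bug: the loader decodes into a scratch copy that no exit path
 * disposes of. `scratch` stands in for that heap copy and is supplied by the
 * caller so it can be inspected afterwards. Returns 1 on success. */
static int load_key_leaky(int fail, unsigned char *scratch, unsigned char *out)
{
    memcpy(scratch, SAMPLE_KEY, SAMPLE_LEN);
    if (fail)
        return 0;                   /* scratch still holds the key bytes */
    memcpy(out, scratch, SAMPLE_LEN);
    return 1;                       /* ...and so it does here */
}

/* Fixed shape: one cleanup label that every path runs, so the copy is wiped
 * (and, for a heap buffer, then freed) before the function returns. */
static int load_key_fixed(int fail, unsigned char *scratch, unsigned char *out)
{
    int ok = 0;
    memcpy(scratch, SAMPLE_KEY, SAMPLE_LEN);
    if (fail)
        goto cleanup;               /* e.g. the file's MAC did not verify */
    memcpy(out, scratch, SAMPLE_LEN);
    ok = 1;
cleanup:
    secure_wipe(scratch, SAMPLE_LEN);
    return ok;
}

/* Run one scenario and report whether the scratch copy ended up all zero. */
static int scratch_wiped_after(int fixed, int fail)
{
    unsigned char scratch[SAMPLE_LEN], out[SAMPLE_LEN];
    if (fixed) load_key_fixed(fail, scratch, out);
    else       load_key_leaky(fail, scratch, out);
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (scratch[i]) return 0;
    return 1;
}
```

The leaky variant leaves the key bytes in the scratch buffer on both the success and the error path, which is exactly the second copy the advisory says outlived the call.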
Comment 1 Bernhard Wiedemann 2015-03-02 23:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (920167) was mentioned in
https://build.opensuse.org/request/show/288581 13.2 / putty
https://build.opensuse.org/request/show/288582 13.1 / putty
Comment 2 Swamp Workflow Management 2015-03-02 23:00:23 UTC
bugbot adjusting priority
Comment 3 Marcus Meissner 2015-03-11 11:53:46 UTC
released

did you fix factory too?
Comment 4 Jan Engelhardt 2015-03-11 11:57:01 UTC
Yes, Factory has received 0.64 too.
Comment 5 Swamp Workflow Management 2015-03-11 12:05:39 UTC
openSUSE-SU-2015:0474-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 920167
CVE References: CVE-2015-2157
Sources used:
openSUSE 13.2 (src):    putty-0.64-4.4.1
openSUSE 13.1 (src):    putty-0.64-2.4.1
Comment 6 Andreas Stieger 2015-03-11 12:10:30 UTC
released