Merge branch 'develop' into patch-6

Author: manfred-kaiser

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.6.0
+current_version = 0.6.3
 
 [bumpversion:file:snapcraft.yaml]
 

AppImageBuilder.yml

@@ -17,7 +17,7 @@ AppDir:
     id: at.ssh-mitm.server
     name: ssh-mitm
     icon: ssh-mitm
-    version: 0.6.0
+    version: 0.6.3
     # Set the python executable as entry point
     exec: usr/bin/python3
     # Set the application main script path as argument. Use '$@' to forward CLI parameters
@@ -70,4 +70,3 @@ AppImage:
   arch: x86_64
   file_name: ssh-mitm-x86_64.AppImage
   update-information: gh-releases-zsync|ssh-mitm|ssh-mitm|latest|ssh-mitm-x86_64.AppImage.zsync
-  sign-key: None

CHANGELOG.md

@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.6.3] - 2021-11-04
+
+- fixed hostname regex (error in regex)
+
+## [0.6.2] - 2021-11-04
+
+### Fixed
+
+- fixed hostname regex (regex was to strict and not all hostnames were allowed)
+
+## [0.6.1] - 2021-09-21
+
+### Fixed
+
+- missing environment variable in snap file
+- fixed ssh-mitm-audit command
+
 ## [0.6.0] - 2021-09-13
 
 ### Added
@@ -203,7 +220,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - fixed pseudo terminal on exec command
 
-[Unreleased]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.0...develop
+[Unreleased]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.3...develop
+[0.6.3]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.2...0.6.3
+[0.6.2]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.1...0.6.2
+[0.6.1]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.0...0.6.1
 [0.6.0]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.13...0.6.0
 [0.5.13]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.12...0.5.13
 [0.5.12]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.11...0.5.12

README.md

@@ -54,21 +54,23 @@ When publickey authentication is possible, a forwarded agent is needed to login
 
 <img src="https://www.ssh-mitm.at/assets/images/streamline-free/monitor-loading-progress.svg" align="left" width="128">
 
-**SSH-MITM** can be installed as a [Ubuntu Snap](https://snapcraft.io/ssh-mitm), [PIP-Package](https://pypi.org/project/ssh-mitm/) or [AppImage](https://github.com/ssh-mitm/ssh-mitm/releases/latest)
+**SSH-MITM** can be installed as a [Ubuntu Snap](https://snapcraft.io/ssh-mitm), [PIP-Package](https://pypi.org/project/ssh-mitm/) or [AppImage](https://github.com/ssh-mitm/ssh-mitm/releases/latest) and even runs on **[Android devices](https://github.com/ssh-mitm/ssh-mitm/discussions/83#discussioncomment-1531873)**
 
     # install ssh-mitm as snap package
     $ sudo snap install ssh-mitm
 
     # install ssh-mitm as python pip package
     $ pip install ssh-mitm
 
+
+
 ## Quickstart
 
 <img src="https://www.ssh-mitm.at/assets/images/streamline-free/programmer-male.svg" align="left" width="128">
 
 To start SSH-MITM, all you have to do is run this command in your terminal of choice.
 
-    $ ssh-mitm --remote-host 192.168.0.x
+    $ ssh-mitm --remote-host 192.168.0.x:PORT
 
 Now let's try to connect. SSH-MITM is listening on port 10022.
 

doc/CVE-2016-20012.rst

@@ -0,0 +1,48 @@
+CVE-2016-20012
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2016-20012</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">7.4</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-20012">https://nvd.nist.gov/vuln/detail/CVE-2016-20012</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in <a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/authentication.py">SSH-MITM server</a>
+                </p>
+                <p class="widget-49-meeting-text">
+                    OpenSSH through 8.7 allows remote attackers, who have a suspicion that
+                    a certain combination of username and public key is known to an SSH server,
+                    to test whether this suspicion is correct. This occurs because a challenge is
+                    sent only when that combination could be valid for a login session.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>OpenSSH</b> &lt;=8.7</li>
+                </ul>
+            </div>
+        </div>
+    </div>
+
+
+References
+----------
+
+* https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265
+* https://github.com/openssh/openssh-portable/pull/270
+* https://rushter.com/blog/public-ssh-keys/
+* https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak

doc/CVE-2021-36367.rst

@@ -0,0 +1,58 @@
+CVE-2021-36367
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36367</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">8.1</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36367">https://nvd.nist.gov/vuln/detail/CVE-2021-36367</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    <b>Note: MITRE's description is wrong. Please read note bellow.</b></br>
+                    PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
+                    This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt
+                    (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>PuTTY</b> &lt; 0.71</li>
+                </ul>
+            </div>
+        </div>
+    </div>
+
+.. note::
+
+    **Comment from Simon Tatham:**
+
+    CVE-2021-36367 refers to this new option as a fix for a vulnerability, and describes the vulnerability
+    as "PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive
+    authentication response". With respect to the author of that text, we consider that to be misleading.
+    It is perfectly legal for the server to waive authentication, and actually useful in some legitimate use cases;
+    it is perfectly legal for PuTTY to proceed with the connection regardless; and the trust sigil system introduced
+    in 0.71 already defends against every spoofing attack we know of that a server could attempt by doing this unexpectedly.
+    This new option is a UI improvement, but not in and of itself a vital vulnerability fix.
+
+
+References
+----------
+
+* https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
+* https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

doc/CVE-2021-36368.rst

@@ -0,0 +1,36 @@
+CVE-2021-36368
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36368</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">N/A</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36368">https://nvd.nist.gov/vuln/detail/CVE-2021-36368</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    This CVE is marked as reserved.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>OpenSSHH</b> &lt;= 8.7</li>
+                </ul>
+            </div>
+        </div>
+    </div>

doc/CVE-2021-36369.rst

@@ -0,0 +1,36 @@
+CVE-2021-36369
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36369</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">N/A</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36369">https://nvd.nist.gov/vuln/detail/CVE-2021-36369</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    This CVE is marked as reserved.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>Dropbear</b> &lt;= 2020.81</li>
+                </ul>
+            </div>
+        </div>
+    </div>