Merge branch 'develop'

Author: manfred-kaiser

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.6.0
+current_version = 0.6.1
 
 [bumpversion:file:snapcraft.yaml]
 

AppImageBuilder.yml

@@ -17,7 +17,7 @@ AppDir:
     id: at.ssh-mitm.server
     name: ssh-mitm
     icon: ssh-mitm
-    version: 0.6.0
+    version: 0.6.1
     # Set the python executable as entry point
     exec: usr/bin/python3
     # Set the application main script path as argument. Use '$@' to forward CLI parameters
@@ -70,4 +70,3 @@ AppImage:
   arch: x86_64
   file_name: ssh-mitm-x86_64.AppImage
   update-information: gh-releases-zsync|ssh-mitm|ssh-mitm|latest|ssh-mitm-x86_64.AppImage.zsync
-  sign-key: None

CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.6.1] - 2021-09-21
+
+### Fixed
+
+- missing environment variable in snap file
+- fixed ssh-mitm-audit command
+
 ## [0.6.0] - 2021-09-13
 
 ### Added
@@ -203,7 +210,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - fixed pseudo terminal on exec command
 
-[Unreleased]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.0...develop
+[Unreleased]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.1...develop
+[0.6.1]: https://github.com/ssh-mitm/ssh-mitm/compare/0.6.0...0.6.1
 [0.6.0]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.13...0.6.0
 [0.5.13]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.12...0.5.13
 [0.5.12]: https://github.com/ssh-mitm/ssh-mitm/compare/0.5.11...0.5.12

doc/CVE-2016-20012.rst

@@ -0,0 +1,48 @@
+CVE-2016-20012
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2016-20012</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">7.4</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-20012">https://nvd.nist.gov/vuln/detail/CVE-2016-20012</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in <a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/authentication.py">SSH-MITM server</a>
+                </p>
+                <p class="widget-49-meeting-text">
+                    OpenSSH through 8.7 allows remote attackers, who have a suspicion that
+                    a certain combination of username and public key is known to an SSH server,
+                    to test whether this suspicion is correct. This occurs because a challenge is
+                    sent only when that combination could be valid for a login session.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>OpenSSH</b> &lt;=8.7</li>
+                </ul>
+            </div>
+        </div>
+    </div>
+
+
+References
+----------
+
+* https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265
+* https://github.com/openssh/openssh-portable/pull/270
+* https://rushter.com/blog/public-ssh-keys/
+* https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak

doc/CVE-2021-36367.rst

@@ -0,0 +1,58 @@
+CVE-2021-36367
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36367</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">8.1</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36367">https://nvd.nist.gov/vuln/detail/CVE-2021-36367</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    <b>Note: MITRE's description is wrong. Please read note bellow.</b></br>
+                    PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
+                    This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt
+                    (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>PuTTY</b> &lt; 0.71</li>
+                </ul>
+            </div>
+        </div>
+    </div>
+
+.. note::
+
+    **Comment from Simon Tatham:**
+
+    CVE-2021-36367 refers to this new option as a fix for a vulnerability, and describes the vulnerability
+    as "PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive
+    authentication response". With respect to the author of that text, we consider that to be misleading.
+    It is perfectly legal for the server to waive authentication, and actually useful in some legitimate use cases;
+    it is perfectly legal for PuTTY to proceed with the connection regardless; and the trust sigil system introduced
+    in 0.71 already defends against every spoofing attack we know of that a server could attempt by doing this unexpectedly.
+    This new option is a UI improvement, but not in and of itself a vital vulnerability fix.
+
+
+References
+----------
+
+* https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
+* https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

doc/CVE-2021-36368.rst

@@ -0,0 +1,36 @@
+CVE-2021-36368
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36368</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">N/A</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36368">https://nvd.nist.gov/vuln/detail/CVE-2021-36368</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    This CVE is marked as reserved.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>OpenSSHH</b> &lt;= 8.7</li>
+                </ul>
+            </div>
+        </div>
+    </div>

doc/CVE-2021-36369.rst

@@ -0,0 +1,36 @@
+CVE-2021-36369
+==============
+
+.. raw:: html
+
+    <div class="card card-margin">
+        <div class="card-header no-border">
+            <h5 class="card-title cve-title">CVE-2021-36369</h5>
+        </div>
+        <div class="card-body pt-0">
+            <div class="widget-49">
+                <div class="widget-49-title-wrapper">
+                    <div class="widget-49-date-primary">
+                        <span class="widget-49-date-day">N/A</span>
+                        <span class="widget-49-date-month">CVSS</span>
+                    </div>
+                    <div class="widget-49-meeting-info">
+                        <span class="widget-49-pro-title"><b>Vector:</b> N/A</span>
+                        <span class="widget-49-meeting-time">
+                            <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36369">https://nvd.nist.gov/vuln/detail/CVE-2021-36369</a>
+                        </span>
+                    </div>
+                </div>
+                <p class="widget-49-meeting-integration">
+                    <i class="fas fa-check"></i> integrated in SSH-MITM server
+                </p>
+                <p class="widget-49-meeting-text">
+                    This CVE is marked as reserved.
+                </p>
+                <span class="widget-49-pro-title"><b>Affected Software:</b></span>
+                <ul class="widget-49-meeting-points">
+                    <li class="widget-49-meeting-item"><b>Dropbear</b> &lt;= 2020.81</li>
+                </ul>
+            </div>
+        </div>
+    </div>

doc/_static/assets/css/theme2.css

@@ -0,0 +1,146 @@
+
+table.docutils,
+.rst-content table.field-list,
+.wy-table {
+	border-collapse: collapse;
+	border-spacing: 0;
+	empty-cells: show;
+	margin-bottom: 24px
+}
+
+table.docutils caption,
+.rst-content table.field-list caption,
+.wy-table caption {
+	color: #000;
+	font: italic 85%/1 arial, sans-serif;
+	padding: 1em 0;
+	text-align: center
+}
+
+table.docutils td,
+table.docutils th,
+.rst-content table.field-list td,
+.rst-content table.field-list th,
+.wy-table td,
+.wy-table th {
+	font-size: 90%;
+	margin: 0;
+	overflow: visible;
+	padding: 8px 16px
+}
+
+table.docutils td:first-child,
+table.docutils th:first-child,
+.rst-content table.field-list td:first-child,
+.rst-content table.field-list th:first-child,
+.wy-table td:first-child,
+.wy-table th:first-child {
+	border-left-width: 0
+}
+
+table.docutils thead,
+.rst-content table.field-list thead,
+.wy-table thead {
+	color: #000;
+	text-align: left;
+	vertical-align: bottom;
+	white-space: nowrap
+}
+
+table.docutils thead th,
+.rst-content table.field-list thead th,
+.wy-table thead th {
+	font-weight: 700;
+	border-bottom: 2px solid #e1e4e5
+}
+
+table.docutils td,
+.rst-content table.field-list td,
+.wy-table td {
+	background-color: transparent;
+	vertical-align: middle
+}
+
+table.docutils td p,
+.rst-content table.field-list td p,
+.wy-table td p {
+	line-height: 18px
+}
+
+table.docutils td p:last-child,
+.rst-content table.field-list td p:last-child,
+.wy-table td p:last-child {
+	margin-bottom: 0
+}
+
+table.docutils .wy-table-cell-min,
+.rst-content table.field-list .wy-table-cell-min,
+.wy-table .wy-table-cell-min {
+	width: 1%;
+	padding-right: 0
+}
+
+table.docutils .wy-table-cell-min input[type=checkbox],
+.rst-content table.field-list .wy-table-cell-min input[type=checkbox],
+.wy-table .wy-table-cell-min input[type=checkbox] {
+	margin: 0
+}
+
+.wy-table-secondary {
+	color: grey;
+	font-size: 90%
+}
+
+.wy-table-tertiary {
+	color: grey;
+	font-size: 80%
+}
+
+table.docutils:not(.field-list) tr:nth-child(2n-1) td,
+.wy-table-backed,
+.wy-table-odd td,
+.wy-table-striped tr:nth-child(2n-1) td {
+	background-color: #f3f6f6
+}
+
+table.docutils,
+.wy-table-bordered-all {
+	border: 1px solid #e1e4e5
+}
+
+table.docutils td,
+.wy-table-bordered-all td {
+	border-bottom: 1px solid #e1e4e5;
+	border-left: 1px solid #e1e4e5
+}
+
+table.docutils tbody>tr:last-child td,
+.wy-table-bordered-all tbody>tr:last-child td {
+	border-bottom-width: 0
+}
+
+table.docutils th {
+	border-color: #e1e4e5
+}
+
+
+table.docutils td .last,
+table.docutils td .last>:last-child {
+	margin-bottom: 0
+}
+
+table.docutils th {
+	border-color: #e1e4e5
+}
+
+
+table.docutils th {
+	border: 1px solid #e1e4e5
+}
+
+table.docutils td>p,
+table.docutils th>p {
+	line-height: 1rem;
+	margin-bottom: 0;
+	font-size: .9rem
+}