row hammer attack in openssh

MidnightBSD · Dec 27, 2023 · ea2eb60 · ea2eb60
1 parent 635b156
commit ea2eb60
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 1 deletion.
diff --git a/latest-id.txt b/latest-id.txt
@@ -1 +1 @@
-2023-11
+2023-12
diff --git a/vulns/midnightbsd/MNBSD-2023-12.yaml b/vulns/midnightbsd/MNBSD-2023-12.yaml
@@ -0,0 +1,37 @@
+id: MNBSD-2023-12
+summary: OpenSSH row hammer attack
+details: OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
+affected:
+  - package:
+      name: openssh
+      ecosystem: MidnightBSD
+    ranges:
+      - type: ECOSYSTEM
+        events:
+          - introduced: 2.2.0
+    versions:
+      - 2.2.0
+      - 2.2.1
+      - 2.2.2
+      - 2.2.3
+      - 2.2.4
+      - 2.2.5
+      - 2.2.6
+      - 2.2.7
+      - 2.2.8
+      - 3.0.0
+      - 3.0.1
+      - 3.0.2
+      - 3.1.0
+      - 3.1.1
+      - 3.1.2
+      - 3.1.3
+      - 3.1.4
+      - 3.2.0
+references:
+  - type: WEB
+    url: https://nvd.nist.gov/vuln/detail/CVE-2023-51767
+aliases:
+  - CVE-2023-51767
+modified: "2023-12-27T00:00:00.000Z"
+published: "2023-12-27T00:00:00.000Z"