From c6b8dc97e173d868b1c714792572bf94f484aa91 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 21 Feb 2022 21:48:10 -0500 Subject: [PATCH] Fixed tests. --- test/docker/expected_results/openssh_4.0p1_test1.txt | 5 ++++- test/docker/expected_results/openssh_5.6p1_test1.txt | 5 ++++- test/docker/expected_results/openssh_5.6p1_test2.txt | 5 ++++- test/docker/expected_results/openssh_5.6p1_test3.txt | 5 ++++- test/docker/expected_results/openssh_5.6p1_test4.txt | 5 ++++- test/docker/expected_results/openssh_5.6p1_test5.txt | 5 ++++- test/docker/expected_results/openssh_8.0p1_test1.txt | 6 ++++++ test/docker/expected_results/openssh_8.0p1_test2.txt | 6 ++++++ test/docker/expected_results/openssh_8.0p1_test3.txt | 6 ++++++ test/test_ssh1.py | 4 ++-- test/test_ssh2.py | 4 ++-- 11 files changed, 46 insertions(+), 10 deletions(-) diff --git a/test/docker/expected_results/openssh_4.0p1_test1.txt b/test/docker/expected_results/openssh_4.0p1_test1.txt index 419105a..3b4a40f 100644 --- a/test/docker/expected_results/openssh_4.0p1_test1.txt +++ b/test/docker/expected_results/openssh_4.0p1_test1.txt @@ -6,7 +6,10 @@ (gen) compression: enabled (zlib) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption) (cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages diff --git a/test/docker/expected_results/openssh_5.6p1_test1.txt b/test/docker/expected_results/openssh_5.6p1_test1.txt index 014d7e7..d11b4f5 100644 --- a/test/docker/expected_results/openssh_5.6p1_test1.txt +++ b/test/docker/expected_results/openssh_5.6p1_test1.txt @@ -5,7 +5,10 @@ (gen) compression: enabled (zlib@openssh.com) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) (cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid diff --git a/test/docker/expected_results/openssh_5.6p1_test2.txt b/test/docker/expected_results/openssh_5.6p1_test2.txt index 2a6825f..d127814 100644 --- a/test/docker/expected_results/openssh_5.6p1_test2.txt +++ b/test/docker/expected_results/openssh_5.6p1_test2.txt @@ -5,7 +5,10 @@ (gen) compression: enabled (zlib@openssh.com) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) (cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid diff --git a/test/docker/expected_results/openssh_5.6p1_test3.txt b/test/docker/expected_results/openssh_5.6p1_test3.txt index 657b22e..39ccda1 100644 --- a/test/docker/expected_results/openssh_5.6p1_test3.txt +++ b/test/docker/expected_results/openssh_5.6p1_test3.txt @@ -5,7 +5,10 @@ (gen) compression: enabled (zlib@openssh.com) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) (cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid diff --git a/test/docker/expected_results/openssh_5.6p1_test4.txt b/test/docker/expected_results/openssh_5.6p1_test4.txt index fb48d1c..def1421 100644 --- a/test/docker/expected_results/openssh_5.6p1_test4.txt +++ b/test/docker/expected_results/openssh_5.6p1_test4.txt @@ -5,7 +5,10 @@ (gen) compression: enabled (zlib@openssh.com) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) (cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid diff --git a/test/docker/expected_results/openssh_5.6p1_test5.txt b/test/docker/expected_results/openssh_5.6p1_test5.txt index 5ff250a..0460b2e 100644 --- a/test/docker/expected_results/openssh_5.6p1_test5.txt +++ b/test/docker/expected_results/openssh_5.6p1_test5.txt @@ -5,7 +5,10 @@ (gen) compression: enabled (zlib@openssh.com) # security -(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies +(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response (cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data (cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read) (cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid diff --git a/test/docker/expected_results/openssh_8.0p1_test1.txt b/test/docker/expected_results/openssh_8.0p1_test1.txt index d7e45b1..aafd004 100644 --- a/test/docker/expected_results/openssh_8.0p1_test1.txt +++ b/test/docker/expected_results/openssh_8.0p1_test1.txt @@ -4,6 +4,12 @@ (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+ (gen) compression: enabled (zlib@openssh.com) +# security +(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response + # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 diff --git a/test/docker/expected_results/openssh_8.0p1_test2.txt b/test/docker/expected_results/openssh_8.0p1_test2.txt index a13be8a..a987ab3 100644 --- a/test/docker/expected_results/openssh_8.0p1_test2.txt +++ b/test/docker/expected_results/openssh_8.0p1_test2.txt @@ -4,6 +4,12 @@ (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+ (gen) compression: enabled (zlib@openssh.com) +# security +(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response + # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 diff --git a/test/docker/expected_results/openssh_8.0p1_test3.txt b/test/docker/expected_results/openssh_8.0p1_test3.txt index 5b20c3f..3530a63 100644 --- a/test/docker/expected_results/openssh_8.0p1_test3.txt +++ b/test/docker/expected_results/openssh_8.0p1_test3.txt @@ -4,6 +4,12 @@ (gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+ (gen) compression: enabled (zlib@openssh.com) +# security +(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups +(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers +(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow +(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response + # key exchange algorithms (kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76 (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62 diff --git a/test/test_ssh1.py b/test/test_ssh1.py index d40c157..96e8846 100644 --- a/test/test_ssh1.py +++ b/test/test_ssh1.py @@ -138,7 +138,7 @@ class TestSSH1: self.audit(out, self._conf()) out.write() lines = output_spy.flush() - assert len(lines) == 17 + assert len(lines) == 21 def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket @@ -153,7 +153,7 @@ class TestSSH1: out.write() assert ret != 0 lines = output_spy.flush() - assert len(lines) == 10 + assert len(lines) == 14 assert 'unknown message' in lines[-1] def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket): diff --git a/test/test_ssh2.py b/test/test_ssh2.py index fc4c0fa..23ce21e 100644 --- a/test/test_ssh2.py +++ b/test/test_ssh2.py @@ -147,7 +147,7 @@ class TestSSH2: self.audit(out, self._conf()) out.write() lines = output_spy.flush() - assert len(lines) == 70 + assert len(lines) == 74 def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket): vsocket = virtual_socket @@ -161,5 +161,5 @@ class TestSSH2: out.write() assert ret != 0 lines = output_spy.flush() - assert len(lines) == 5 + assert len(lines) == 9 assert 'unknown message' in lines[-1]