Michał Wąsowski

#8945 of 53,633
30.5 Total CVSS
Vulnerabilities · 5
Medium
5
PT-2026-48463
6.5
2026-06-10
Unknown · Erlang/Otp · CVE-2026-48855
**Name of the Vulnerable Software and Affected Versions**

- Erlang OTP versions 17.0 through 29.0.1
- Erlang OTP versions prior to 28.5.0.2
- Erlang OTP versions prior to 27.3.4.13

**Description**

An issue in the `ssh_sftpd` module allows for file discovery through the exposure of sensitive information. The `SSH_FXP_READLINK` handler sends the raw result of the `file:read_link/2` function to the client without using `chroot_filename/2` to remove the backend root prefix. Consequently, an authenticated SFTP client can create a symlink inside the chroot pointing to `/`, and reading it back via `SSH_FXP_READLINK` returns the absolute backend root path (e.g., `/data/sftp`) instead of the chrooted value `/`. This discloses the absolute filesystem path of the SFTP root directory and any symlink targets within it, although file contents, credentials, and paths outside the root directory remain inaccessible. This issue is associated with the file `lib/ssh/src/ssh_sftpd.erl` and requires the SFTP subsystem to be enabled with the `root` option configured in the `ssh_sftpd:subsystem_spec/1` call.

**Recommendations**

- Update Erlang OTP to version 29.0.2 or later.
- Update Erlang OTP to version 28.5.0.2 or later.
- Update Erlang OTP to version 27.3.4.13 or later.
- Use OS-level chroot to run the Erlang VM or SFTP server process in an isolated filesystem environment.
- Ensure the SFTP server port is not reachable from untrusted machines.
- Ensure no sensitive information is inferable from the absolute path of the configured root directory.
PT-2026-33930
5.3
2026-04-21
Unknown · Erlang/Otp · CVE-2026-32147
**Name of the Vulnerable Software and Affected Versions**

- Erlang OTP versions 17.0 through 28.4.3
- Erlang OTP versions 17.0 through 27.3.4.11
- Erlang OTP versions 17.0 through 26.2.5.20

**Description**

A path traversal issue in the Erlang OTP ssh `ssh_sftpd` module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon stores the raw, user-supplied path in file handles instead of the chroot-resolved path. When `SSH_FXP_FSETSTAT` is issued on such a handle, file attributes like permissions, ownership, and timestamps are modified on the real filesystem path, bypassing the root directory boundary. This requires the server to be configured with the `root` option and for the target file to exist on the real filesystem at the same relative path. This flaw only allows the modification of file attributes; file contents cannot be read or altered. If the SSH daemon runs as root, an attacker can achieve privilege escalation by setting the setuid bit on binaries, changing ownership of sensitive files, or making system configurations world-writable. The issue is associated with the file `lib/ssh/src/ssh_sftpd.erl` and the functions `ssh_sftpd:do_open/4` and `ssh_sftpd:handle_op/4`.

**Recommendations**

- Update Erlang OTP to a version later than 28.4.3, 27.3.4.11, or 26.2.5.20 depending on the release branch.
- Do not use the `root` option in `ssh_sftpd:subsystem_spec/1` and instead use OS-level chroot or container isolation to confine SFTP users.
- Ensure the Erlang VM is not running as a privileged OS user to limit the impact of attribute modifications.
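The two chroot checks the advisories above turn on, as an added illustration that is not OTP's own `ssh_sftpd` code: the module name `sftp_chroot_demo`, the helpers `resolve/2`, `open_handle/2`, `fsetstat_target/1` and `readlink_reply/2`, and the root `/data/sftp` are all assumptions made here, and `chroot_filename/2` is a simplified stand-in for the module's real function.

```erlang
%% sftp_chroot_demo.erl -- added illustration, not OTP's ssh_sftpd code.
%% Shows (1) keeping only the root-resolved path in a handle, so a later
%% SSH_FXP_FSETSTAT cannot leave the root, and (2) stripping the root prefix
%% from every path echoed back to the client, as SSH_FXP_READLINK must.
-module(sftp_chroot_demo).
-export([resolve/2, chroot_filename/2, open_handle/2,
         fsetstat_target/1, readlink_reply/2, demo/0]).

%% Resolve a client-supplied path under Root. "." is dropped and ".."
%% can never climb above Root, so the result always stays inside it.
resolve(Root, UserPath) ->
    Parts = [P || P <- filename:split(UserPath), P =/= ".", P =/= "/"],
    Rel = lists:foldl(fun("..", [])      -> [];
                         ("..", [_ | T]) -> T;
                         (P, Acc)        -> [P | Acc]
                      end, [], Parts),
    filename:join([Root | lists:reverse(Rel)]).

%% Translate a real path back to what the client may see. A path that is
%% not under Root is an error rather than a leaked backend path.
chroot_filename(Root, RealPath) ->
    case lists:prefix(Root, RealPath) of
        true ->
            case string:slice(RealPath, length(Root)) of
                ""           -> {ok, "/"};
                [$/ | _] = R -> {ok, R};
                _            -> {error, outside_root}  % e.g. /data/sftp2/x
            end;
        false -> {error, outside_root}
    end.

%% The handle stores the resolved real path, never the raw client string,
%% so attribute changes through it stay inside Root.
open_handle(Root, UserPath) ->
    #{root => Root, real_path => resolve(Root, UserPath)}.

fsetstat_target(#{real_path := Real}) -> Real.

%% Reply for SSH_FXP_READLINK given the raw target returned by read_link.
readlink_reply(Root, RawTarget) -> chroot_filename(Root, RawTarget).

demo() ->
    Root = "/data/sftp",                            % constructed root
    H = open_handle(Root, "/../../etc/passwd"),     % traversal attempt
    "/data/sftp/etc/passwd" = fsetstat_target(H),   % stays under Root
    {ok, "/"} = readlink_reply(Root, "/data/sftp"), % root not disclosed
    {ok, "/uploads"} = readlink_reply(Root, "/data/sftp/uploads"),
    {error, outside_root} = readlink_reply(Root, "/etc"),
    ok.
```

`demo/0` uses match assertions, so `sftp_chroot_demo:demo()` returns `ok` only if every mapping behaves as the comments state.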