drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in openssh
Name: |
Denial of Service in openssh |
|
ID: |
RHSA-2005:550-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 28. September 2005, 17:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2069 |
|
Applikationen: |
Portable OpenSSH |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Low: openssh security update Advisory ID: RHSA-2005:550-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-550.html Issue date: 2005-09-28 Updated on: 2005-09-28 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-2069 - ---------------------------------------------------------------------
1. Summary:
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core files necessary for both the OpenSSH client and server.
A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. A malicious user could connect to the SSH daemon in such a way that it would prevent additional logins from occuring until the malicious connections are closed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-2069 to this issue.
Additionally, the following issues are resolved with this update:
- - The -q option of the ssh client did not suppress the banner message sent by the server, which caused errors when used in scripts.
- - The sshd daemon failed to close the client connection if multiple X clients were forwarded over the connection and the client session exited.
- - The sftp client leaked memory if used for extended periods.
- - The sshd daemon called the PAM functions incorrectly if the user was unknown on the system.
All users of openssh should upgrade to these updated packages, which contain backported patches and resolve these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
129289 - [PATCH] SSH -q flag does not suppress banner text 151080 - sftp over a persistent connection (days/weeks) develops a memory leak. 156996 - CAN-2004-2069 openssh DoS issue
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm
i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm
ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm
ppc: 3e29708efad159fa8cc254662b6ff505 openssh-3.6.1p2-33.30.6.ppc.rpm 5c6363576c83399dfa948aa45d8f185e openssh-askpass-3.6.1p2-33.30.6.ppc.rpm bea38750538bd370e65406b5b1eabf33 openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm fc65f08b4c2e6ede36e0f7762140aa5c openssh-clients-3.6.1p2-33.30.6.ppc.rpm ddb0d4bbf471f2c9a60ac8d928a1733e openssh-server-3.6.1p2-33.30.6.ppc.rpm
s390: a09e96711d0f9e6527193eb3a3660ce1 openssh-3.6.1p2-33.30.6.s390.rpm 8fde7e1acc7593ba0048836f88c9548f openssh-askpass-3.6.1p2-33.30.6.s390.rpm 35e1caa39539fbdd1bd38f17ad66103d openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm c6f91623373358c892fcb36c7785d1c6 openssh-clients-3.6.1p2-33.30.6.s390.rpm d13ba0dee80f74ac42eb2594fb1582cd openssh-server-3.6.1p2-33.30.6.s390.rpm
s390x: c953f6bebbffc2c5e888a4b59c4cee7a openssh-3.6.1p2-33.30.6.s390x.rpm 3938bf4cb26335f471f494fd455427a0 openssh-askpass-3.6.1p2-33.30.6.s390x.rpm 06561eab8bd1a67fec7747c9b4ace426 openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm 42df2d392e3741527b820edb6e7fe8c0 openssh-clients-3.6.1p2-33.30.6.s390x.rpm 2bc0b74d772c4fea91ba835b23e86fae openssh-server-3.6.1p2-33.30.6.s390x.rpm
x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm
Red Hat Desktop version 3:
SRPMS: openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm
i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm
x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm
i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm
ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm
x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm
i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm
ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm
x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFDOrmeXlSAg2UNWIIRAuF5AJ4lKY89ZylrKmOfz6MPg76isA4TBgCfTgWH e1YnMwvvi28iiE9DO9zfGKc= =dqOJ -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|