Sicherheit: Problem in OpenSSH, wenn UseLogin eingeschaltet ist

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
Caldera International, Inc. Security Advisory

Subject: Linux - Remote vulnerability in OpenSSH
Advisory number: CSSA-2001-042.0
Issue date: 2001, December 11
Cross reference:
______________________________________________________________________________

1. Problem Description

The OpenSSH team has reported a vulnerability in the OpenSSH server
that allows remote attackers to obtain root privilege if the server
has the UseLogin option enabled. This option is off by default on
OpenLinux, so a default installation is not vulnerable.

We nevertheless recommend to our customers to upgrade to the fixed
package.

Exploits of this vulnerability have apparently been circulated for
some time.

2. Vulnerable Versions

System Package
-----------------------------------------------------------
OpenLinux 2.3 not vulnerable

OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder openssh-2.9p2-4

OpenLinux eDesktop 2.4 All packages previous to
openssh-2.9p2-4

OpenLinux Server 3.1 All packages previous to
openssh-2.9p2-4

OpenLinux Workstation 3.1 All packages previous to
openssh-2.9p2-4

3. Solution

Workaround

Make sure that you do not have the UseLogin option enabled.
In /etc/ssh/sshd_config, the UseLogin option should either
be commended out, or should be set to "no".

The proper solution is to upgrade to the latest packages.

4. OpenLinux 2.3

not vulnerable

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

4750b4dc110bcdb9a06f275422486d22 RPMS/openssh-2.9p2-4.i386.rpm
2ccef9bbd5c51ac9ee3ea7bdb0cad5e8 RPMS/openssh-askpass-2.9p2-4.i386.rpm
db4931cfa21ef0312ca9f7baaea9d19d RPMS/openssh-server-2.9p2-4.i386.rpm
50511f127c8215bce46d6082aa924aa9 SRPMS/openssh-2.9p2-4.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh openssh-2.9p2-4.i386.rpm \
openssh-askpass-2.9p2-4.i386.rpm \
openssh-server-2.9p2-4.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

67227fa9552a81465786e23b82347b7b RPMS/openssh-2.9p2-4.i386.rpm
80693bc40f533ed757a2cc3aa7ad2dbc RPMS/openssh-askpass-2.9p2-4.i386.rpm
3cbd5f69eb010de1dad17c25b85bcc6f RPMS/openssh-server-2.9p2-4.i386.rpm
50511f127c8215bce46d6082aa924aa9 SRPMS/openssh-2.9p2-4.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh openssh-2.9p2-4.i386.rpm \
openssh-askpass-2.9p2-4.i386.rpm \
openssh-server-2.9p2-4.i386.rpm

7. OpenLinux 3.1 Server

7.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

The corresponding source code package can be found at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

7.2 Verification

2b214778e58a252b5fa6efda93564ec9 RPMS/openssh-2.9p2-4.i386.rpm
a7cbe46794f3e2ccd9db54844d6500a2 RPMS/openssh-askpass-2.9p2-4.i386.rpm
eb5f164e76adf62b19d8d7ce8bd4e121 RPMS/openssh-server-2.9p2-4.i386.rpm
50511f127c8215bce46d6082aa924aa9 SRPMS/openssh-2.9p2-4.src.rpm

7.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh openssh-2.9p2-4.i386.rpm \
openssh-askpass-2.9p2-4.i386.rpm \
openssh-server-2.9p2-4.i386.rpm

8. OpenLinux 3.1 Workstation

8.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS

The corresponding source code package can be found at:

SRPMS

8.2 Verification

2b214778e58a252b5fa6efda93564ec9 RPMS/openssh-2.9p2-4.i386.rpm
a7cbe46794f3e2ccd9db54844d6500a2 RPMS/openssh-askpass-2.9p2-4.i386.rpm
eb5f164e76adf62b19d8d7ce8bd4e121 RPMS/openssh-server-2.9p2-4.i386.rpm
50511f127c8215bce46d6082aa924aa9 SRPMS/openssh-2.9p2-4.src.rpm

8.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh openssh-2.9p2-4.i386.rpm \
openssh-askpass-2.9p2-4.i386.rpm \
openssh-server-2.9p2-4.i386.rpm

9. References

This and other Caldera security resources are located at:

http://www.caldera.com/support/security/index.html

This security fix closes Caldera's internal Problem Report 11153.

10. Disclaimer

Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.

11. Acknowledgements

Caldera wishes to thank Markus Friedl of the OpenSSH team for notifying
vendor-sec.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8FewT18sy83A/qfwRAkprAKCUuQ2aRIFumjIbmPnz8XHkPyfWlwCfR7eL
q5MEexeQXE2DDAlofnVtlpg=
=Uwbo
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@lists.caldera.com
For additional commands, e-mail: announce-help@lists.caldera.com