drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Fehlerhafter Vergleich in openssh
Name: |
Fehlerhafter Vergleich in openssh
|
|
ID: |
CSSA-2002-012.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Mi, 3. April 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Portable OpenSSH |
|
Originalnachricht |
--EgVrEAR5UttbsTXg Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com
______________________________________________________________________________ Caldera International, Inc. Security Advisory
Subject: Linux: OpenSSH channel code vulnerability Advisory number: CSSA-2002-012.0 Issue date: 2002, March 28 Cross reference: ______________________________________________________________________________
1. Problem Description
A bug exists in the channel code of OpenSSH versions 2.0 though 3.0.2. Existing users can use this bug to gain root privileges. The ability to exploit this vulnerability without an existing user account has not yet been proven, but it is considered possible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------- OpenLinux Server 3.1 All packages previous to openssh-2.9p2 OpenLinux Workstation 3.1 All packages previous to openssh-2.9p2 OpenLinux Server 3.1.1 All packages previous to openssh-2.9.9p2 OpenLinux Workstation All packages previous to 3.1.1 openssh-2.9.9p2
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 3.1 Server
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
4.2 Verification
f628846edca7e40cebf0174d4a02abb9 RPMS/openssh-2.9p2-5.i386.rpm 4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9p2-5.i386.rpm
5. OpenLinux 3.1 Workstation
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
SRPMS
5.2 Verification
f628846edca7e40cebf0174d4a02abb9 RPMS/openssh-2.9p2-5.i386.rpm 5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9p2-5.i386.rpm
6. OpenLinux 3.1.1 Server
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
6.2 Verification
523a21268ec04feb84feaf8a8b41bb3c RPMS/openssh-2.9.9p2-3.i386.rpm 6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9.9p2-3.i386.rpm
7. OpenLinux 3.1.1 Workstation
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
RPMS
The corresponding source code package can be found at:
SRPMS
7.2 Verification
523a21268ec04feb84feaf8a8b41bb3c RPMS/openssh-2.9.9p2-3.i386.rpm 7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9.9p2-3.i386.rpm
8. References
Specific references for this advisory:
none
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
This security fix closes Caldera incidents sr861333, fz520313, erg711982.
9. Disclaimer
Caldera International, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products.
10. Acknowledgements
Joost Pol <joost@pine.nl> discovered and researched this vulnerability. ______________________________________________________________________________
--EgVrEAR5UttbsTXg Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjykxucACgkQbluZssSXDTEoQgCeLDNK8rwOMbsTXbkWFDTELBSj 5sEAoNTYsFidhlmjixORdQClbJmODc8l =Mj7n -----END PGP SIGNATURE-----
--EgVrEAR5UttbsTXg--
|
|
|
|