ESA-20020307-007-openssh, openssh-clients, openssh-server

by Nikola Strahija on March 7th, 2002

There is a local vulnerability in the OpenSSH channel code which may allow a local, authenticated user to exploit the server.


DETAIL
------
Joost Pol outlined this bug in Pine Internet Security
Advisory PINE-CERT-20020301:

http://www.pine.nl/advisories/pine-cert-20020301

"Users with an existing user account can abuse this bug to
gain root privileges. Exploitability without an existing
user account has not been proven but is not considered
impossible. A malicious ssh server could also use this bug
to exploit a connecting vulnerable client."

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0083 to this issue.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083


SOLUTION
--------
All users should upgrade to the most recent version as outlined in
this advisory.

Guardian Digital recently made available the Guardian Digital Secure
Network, a means to proactively keep systems secure and manage
system software. EnGarde users can automatically update their system
using the Guardian Digital WebTool secure interface.

If choosing to manually upgrade this package, updates can be
obtained from:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must either:

a) be booted into a "standard" kernel; or
b) have LIDS disabled.

To disable LIDS, execute the command:

# /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

# rpm -Uvh <filename(s)>

You must now update the LIDS configuration by executing the command:

# /usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

# /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signatures of the updated packages, execute the command:

# rpm -Kv <filename(s)>


UPDATED PACKAGES
----------------
These updated packages are only for EnGarde Secure Linux Community
Edition.

Source Packages:

SRPMS/openssh-2.3.0p1-1.0.18.src.rpm
MD5 Sum: 675ca26dd4cf1bddb3363b65433a8833

i386 Binary Packages:

i386/openssh-2.3.0p1-1.0.18.i386.rpm
MD5 Sum: 8564be9e0d904b29bbea0ce743e14f51

i386/openssh-clients-2.3.0p1-1.0.18.i386.rpm
MD5 Sum: a42d161a88ad830abec45a13b2ee710c

i386/openssh-server-2.3.0p1-1.0.18.i386.rpm
MD5 Sum: 77cf681f7b0e530d98ab784edec3a76f

i686 Binary Packages:

i686/openssh-2.3.0p1-1.0.18.i686.rpm
MD5 Sum: a703f0046b35d7d08ee3a6354dde25ea

i686/openssh-clients-2.3.0p1-1.0.18.i686.rpm
MD5 Sum: e0e8de4271d26f36c75b28c727906bb4

i686/openssh-server-2.3.0p1-1.0.18.i686.rpm
MD5 Sum: 96d91d85f116934737bd3e1419bd90c0
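
The manual upgrade steps above can be preceded by a check of each downloaded file against the MD5 sums in this list. The script below is an added example, not part of the Guardian Digital advisory; the function names and the script name are assumptions. The MD5 list only catches a corrupted or mismatched download, so "rpm -Kv" against Guardian Digital's public key remains the authenticity check.

```shell
#!/bin/sh
# Added example: compare downloaded EnGarde packages with the MD5 sums
# listed in this advisory before running "rpm -Uvh".
# Layout is md5sum's "<hash>  <file>"; values copied from the list above.
ADVISORY_SUMS='675ca26dd4cf1bddb3363b65433a8833  openssh-2.3.0p1-1.0.18.src.rpm
8564be9e0d904b29bbea0ce743e14f51  openssh-2.3.0p1-1.0.18.i386.rpm
a42d161a88ad830abec45a13b2ee710c  openssh-clients-2.3.0p1-1.0.18.i386.rpm
77cf681f7b0e530d98ab784edec3a76f  openssh-server-2.3.0p1-1.0.18.i386.rpm
a703f0046b35d7d08ee3a6354dde25ea  openssh-2.3.0p1-1.0.18.i686.rpm
e0e8de4271d26f36c75b28c727906bb4  openssh-clients-2.3.0p1-1.0.18.i686.rpm
96d91d85f116934737bd3e1419bd90c0  openssh-server-2.3.0p1-1.0.18.i686.rpm'

# Print the advisory's MD5 for a file name; non-zero exit if it is not listed.
expected_md5() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v f="$1" '$2 == f { print $1; found = 1 } END { exit !found }'
}

# check_pkg PATH -> 0 match, 1 mismatch, 2 not listed or unreadable
check_pkg() {
    name=$(basename "$1")
    want=$(expected_md5 "$name") || { echo "SKIP $name: not in advisory" >&2; return 2; }
    [ -r "$1" ] || { echo "FAIL $name: unreadable" >&2; return 2; }
    got=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK   $name"
    else
        echo "FAIL $name: got $got, advisory lists $want" >&2
        return 1
    fi
}

# verify_all FILE... -> 0 only if every file is listed and matches
verify_all() {
    status=0
    for pkg in "$@"; do
        check_pkg "$pkg" || status=1
    done
    return "$status"
}

# Usage (script name is hypothetical): sh verify_esa.sh *.rpm && rpm -Kv *.rpm
if [ "$#" -gt 0 ]; then
    verify_all "$@"
fi
```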


REFERENCES
----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

Credit for the discovery of this bug goes to:
Joost Pol

OpenSSH's Official Web Site:
http://www.openssh.org/

Security Contact: [email protected]
EnGarde Advisories: http://www.engardelinux.org/advisories.html

--------------------------------------------------------------------------
$Id: ESA-20020307-007-openssh,v 1.2 2002/03/07 16:27:48 rwm Exp $
--------------------------------------------------------------------------
Author: Ryan W. Maple
Copyright 2002, Guardian Digital, Inc.

