8216586 2002-03-29 11:56 -0800 /182 lines/ <security@caldera.com>
Sent by: joel@lysator.liu.se
Imported: 2002-03-29 22:51 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <21641>
Subject: Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability
------------------------------------------------------------
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com
Message-ID: <20020329115623.K25454@caldera.com>
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: OpenSSH channel code vulnerability
Advisory number: CSSA-2002-012.0
Issue date: 2002, March 28
Cross reference:
______________________________________________________________________________
1. Problem Description
A bug exists in the channel code of OpenSSH versions 2.0 through
3.0.2. Existing users can use this bug to gain root
privileges. The ability to exploit this vulnerability without an
existing user account has not yet been proven, but it is
considered possible. A malicious ssh server could also use this
bug to exploit a connecting vulnerable client.
2. Vulnerable Supported Versions
System                          Package
-----------------------------------------------------------
OpenLinux Server 3.1            All packages previous to openssh-2.9p2
OpenLinux Workstation 3.1       All packages previous to openssh-2.9p2
OpenLinux Server 3.1.1          All packages previous to openssh-2.9.9p2
OpenLinux Workstation 3.1.1     All packages previous to openssh-2.9.9p2
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 3.1 Server
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
4.2 Verification
f628846edca7e40cebf0174d4a02abb9 RPMS/openssh-2.9p2-5.i386.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9p2-5.i386.rpm
5. OpenLinux 3.1 Workstation
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
5.2 Verification
f628846edca7e40cebf0174d4a02abb9 RPMS/openssh-2.9p2-5.i386.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9p2-5.i386.rpm
6. OpenLinux 3.1.1 Server
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
6.2 Verification
523a21268ec04feb84feaf8a8b41bb3c RPMS/openssh-2.9.9p2-3.i386.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9.9p2-3.i386.rpm
7. OpenLinux 3.1.1 Workstation
7.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
The corresponding source code package can be found at:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
7.2 Verification
523a21268ec04feb84feaf8a8b41bb3c RPMS/openssh-2.9.9p2-3.i386.rpm
7.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh openssh-2.9.9p2-3.i386.rpm
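Sections 4.2 through 7.2 publish an MD5 for each fixed package, but the rpm -Fvh commands in 4.3 through 7.3 do not check it. The script below is an added example, not part of the Caldera advisory, that gates the upgrade on the published checksum: it refuses to call rpm when the downloaded file does not hash to the advisory's value. It assumes GNU md5sum (or BSD md5 -q) is on PATH; the RPM_CMD override is a hypothetical hook for dry-running on a host without rpm, and the demo file is constructed here (its MD5 is that of the string "hello" plus newline).

```shell
#!/bin/sh
# Added example (not Caldera's code): verify a package's MD5 against the value
# published in the advisory before handing the file to rpm -Fvh.

# md5_of FILE: print the 32-hex MD5 of FILE, portable across md5sum and md5 -q.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED: return 0 if FILE hashes to EXPECTED (hex, any case),
# 1 on mismatch or if FILE cannot be read. Diagnostics go to stderr.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "verify_md5: cannot read $file" >&2; return 1; }
    actual=$(md5_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "verify_md5: MD5 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# safe_upgrade FILE EXPECTED: run "rpm -Fvh FILE" only when the checksum matches.
# RPM_CMD is an assumed override (e.g. RPM_CMD=echo) to dry-run without rpm.
safe_upgrade() {
    verify_md5 "$1" "$2" || return 1
    ${RPM_CMD:-rpm} -Fvh "$1"
}

# Constructed demo: a throwaway file with a known MD5, then the same file
# after a one-byte tamper, which must be rejected.
demo() {
    tmp=$(mktemp) || return 1
    printf 'hello\n' > "$tmp"
    verify_md5 "$tmp" b1946ac92492d2347c6235b4d2611184 && echo "checksum ok"
    printf 'x' >> "$tmp"
    verify_md5 "$tmp" b1946ac92492d2347c6235b4d2611184 2>/dev/null \
        || echo "tampered package rejected"
    rm -f "$tmp"
}

demo
```

Usage against the advisory's own values is e.g. `safe_upgrade openssh-2.9p2-5.i386.rpm f628846edca7e40cebf0174d4a02abb9` for OpenLinux 3.1 and `safe_upgrade openssh-2.9.9p2-3.i386.rpm 523a21268ec04feb84feaf8a8b41bb3c` for 3.1.1; `rpm -q openssh` before and after shows which version is installed. Note that an MD5 published in the same message as the download URL only protects against a corrupted or swapped file if the message itself is authentic, so the PGP signature attached to this advisory is what ties the hashes to Caldera; the checksum is an integrity check on the transfer, not a substitute for verifying that signature.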
8. References
Specific references for this advisory:
none
Caldera OpenLinux security resources:
http://www.caldera.com/support/security/index.html
Caldera UNIX security resources:
http://stage.caldera.com/support/security/
This security fix closes Caldera incidents sr861333, fz520313,
erg711982.
9. Disclaimer
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through
our security advisories. Our advisories are a service to our
customers intended to promote secure installation and use of
Caldera International products.
10. Acknowledgements
Joost Pol <joost@pine.nl> discovered and researched this
vulnerability.
______________________________________________________________________________
(8216586) / <security@caldera.com>/-------(Reflowed)
Attachment (application/pgp-signature) in text 8216587
8216587 2002-03-29 11:56 -0800 /10 lines/ <security@caldera.com>
Imported: 2002-03-29 22:51 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External recipient: announce@lists.caldera.com
External recipient: security-alerts@linuxsecurity.com
Recipient: Bugtraq (import) <21642>
Attachment (text/plain) to text 8216586
Subject: Attachment to: Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjykxucACgkQbluZssSXDTEoQgCeLDNK8rwOMbsTXbkWFDTELBSj
5sEAoNTYsFidhlmjixORdQClbJmODc8l
=Mj7n
-----END PGP SIGNATURE-----
(8216587) / <security@caldera.com>/-----------------