SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Security)  >  SSH Vendors:  SSH Communications
(Default Caldera Linux Not Vulnerable) Re: SSH Secure Shell 3.0.0 for Unix Lets Remote Users Login to Certain Accounts Without Authentication
Date:  Jul 22 2001 04:35 (UTC/GMT)
Impact:  User access via network
Version(s): 3.0.0 (for UNIX only)
Description:  SSH warned of a vulnerability with SSH Secure Shell version 3.0.0 for Unix that grants remote users access to certain accounts without authorization.

Caldera reports that they do not ship the commercial version of SSH (which is the vulnerable version) and, as a result, are not vulnerable unless the system administrator has installed the commercial version of SSH.

Caldera indicates that they provide OpenSSH version 2.9p2 for all supported platforms, which is not affected by the above flaw.

Impact:  A remote user can access certain accounts via SSH without authentication.
Solution:  SSH Secure Shell 3.0.1 reportedly fixes this problem. See the Vendor URL. The fix is also available at:
ftp://ftp.ssh.com/pub/ssh
A patch for 3.0.0 source code is also available at the ftp site.

Vendor URL:  commerce.ssh.com/
Cause:  Authentication error
Underlying OS:  Linux (Caldera)
Underlying OS Comments:  Red Hat Linux 6.1 thru 7.1, Solaris 2.6 thru 2.8, HP-UX 10.20, HP-UX 11.00, Caldera Linux 2.4, Suse Linux 6.4 thru 7.0; other platforms may also be vulnerable
Reported By:  Marcus Meissner <mm@ns.caldera.de>
Message History:   This archive entry is a follow-up to the message listed below.
Jul 21 2001 SSH Secure Shell 3.0.0 for Unix Lets Remote Users Login to Certain Accounts Without Authentication
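A defender's audit for the condition the advisory names, added here as an example that is not from SecurityTracker, SSH Communications or Caldera: it parses shadow-format entries and flags every account whose password field is two or fewer characters, the class of account that sshd2 3.0.0 would let in with any password. The sample entries are constructed, and the placeholder values (`*`, `!!`, `NP`, empty) are assumed as representative short fields.

```python
"""Audit /etc/shadow-style entries for accounts whose password field is
two or fewer characters, the class of account the SSH 3.0.0 advisory
names as affected. Added example; all sample data below is constructed."""

from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    user: str
    field: str
    reason: str


# Constructed sample in shadow(5) layout:
# name:passwd:lastchg:min:max:warn:inactive:expire:flag
SAMPLE_SHADOW = """\
root:$1$Ab3dEfGh$Z9y8x7W6v5U4t3S2r1Q0p.:11524:0:99999:7:::
alice:$1$Qw4rTy6u$abcdefghijklmnopqrstu.:11524:0:99999:7:::
nobody:*:11524:0:99999:7:::
daemon:!!:11524:0:99999:7:::
backup:NP:11524:0:99999:7:::
guest::11524:0:99999:7:::
lp:!:11524:0:99999:7:::
"""


def classify(field: str) -> Optional[str]:
    """Return why a password field falls under the advisory, or None."""
    if len(field) > 2:
        return None  # a real hash; the normal password check applies
    if field == "":
        return "empty password field"
    if set(field) <= set("!*"):
        return "locked placeholder"  # '!', '*', '!!' and similar
    return "short non-hash field"  # e.g. 'NP' on some Unix variants


def audit(shadow_text: str) -> List[Finding]:
    """Walk shadow-format lines and collect every affected account."""
    findings: List[Finding] = []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # not a shadow entry; skip rather than guess
        user, field = parts[0], parts[1]
        reason = classify(field)
        if reason is not None:
            findings.append(Finding(user, field, reason))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SHADOW):
        print(f"{f.user}: password field {f.field!r} ({f.reason})")
```

Accounts that are meant to be locked (`*`, `!`, `!!`) are exactly the ones this audit should surface, since under the advisory's condition they become accounts that accept any password rather than none.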



 Source Message Contents

Date:  Sun, 22 Jul 2001 00:48:58 +0200
From:  Marcus Meissner <mm@ns.caldera.de>
Subject:  Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0


In article <FNEKKFMHLBAMAHPEHBLMCEAGCAAA.customer.service@ssh.com> you wrote:
> Dear Secure Shell Community,

> A potential remote root exploit has been discovered 
> in SSH Secure Shell 3.0.0, for Unix only, concerning 
> accounts with password fields consisting of two or 
> fewer characters. Unauthorized users could potentially 
> log in to these accounts using any password, including 
> an empty password.  This affects SSH Secure Shell 3.0.0
> for Unix only.  This is a problem with password 
> authentication to the sshd2 daemon.  The SSH Secure 
> Shell client binaries (located by default in 
> /usr/local/bin) are not affected.   

> SSH Secure Shell 3.0.1 fixes this problem.
> ...
> ... Vulnerable ...
> ...
> Caldera Linux 2.4 


Caldera is not shipping the commercial version of SSH in its Linux
distributions and so is NOT vulnerable except in cases where the
administrator installed the commercial version of SSH.

We are instead providing OpenSSH version 2.9p2 for all supported platforms,
which is not affected by above flaw.

Ciao, Marcus
-- 
      _____     ___
     /  __/____/  /                Caldera (Deutschland) GmbH
    /  /_/ __  / /__          Naegelsbachstr. 49c, 91052 Erlangen
   /_____//_/ /____/       Dipl. Inf. Marcus Meissner, email: mm@caldera.de
  ==== /_____/ ======    phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
   Caldera OpenLinux


Copyright 2001, SecurityGlobal.net LLC