SSH Communications SSH Secure Shell on IBM AIX Systems Lets Authenticated Remote Users Escape Their 'chroot' Directory
SecurityTracker Alert ID: 1004849 |
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 26 2002
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.2.0 (Only vulnerable when the chroot functionality is used)
Description: SSH Communications has released a security advisory warning of a vulnerability in version 3.2.0 of SSH Secure Shell for Servers and SSH Secure Shell for Workstations, affecting IBM AIX platforms only. When chroot functionality is used, a remote authenticated user may be able to access directories and files located outside of the user's chroot directory.
According to the report, there is 'incorrect code' in SSH Secure Shell for Servers and SSH Secure Shell for Workstations version 3.2.0 on AIX, used when chroot functionality is enabled, that allows all users to access all directories on the server. Normally, chroot functionality limits user access to a specified directory tree on the server; access is typically limited to the user's home directory and its subdirectories.
The specific nature of the flaw was not disclosed.
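The advisory does not say where the 'incorrect code' lies, so the following is an added illustration (not code from the advisory or from SSH Communications) of the invariant chroot is meant to enforce: every path a jailed user names must resolve at or below the chroot root. It contrasts a hypothetical weak mapping with one that holds the invariant; all function names and sample paths are made up.

```python
import posixpath


class JailEscape(Exception):
    """Raised when a requested path would resolve outside the chroot directory."""


def is_confined(jail_root: str, real_path: str) -> bool:
    """True if real_path lies at or below jail_root after lexical normalization.

    Lexical only: on a live system pass os.path.realpath() output so that
    symlinks inside the jail cannot point back out of it.
    """
    root = posixpath.normpath(jail_root)
    path = posixpath.normpath(real_path)
    return path == root or path.startswith(root.rstrip("/") + "/")


def naive_map(jail_root: str, requested: str) -> str:
    # Hypothetical weak mapping (constructed for illustration): a plain join
    # discards jail_root entirely when the user supplies an absolute path and
    # leaves "../" segments in place, so the result can land anywhere on disk.
    return posixpath.join(jail_root, requested)


def jailed_map(jail_root: str, requested: str, cwd: str = "/") -> str:
    """Map a user-visible path to a real path that stays inside jail_root.

    Inside the jail the user sees jail_root as "/", and relative paths are
    resolved against the user's current directory within the jail (cwd).
    """
    virtual = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    # normpath collapses ".", ".." and doubled slashes; on an absolute path it
    # also clamps leading ".." at "/", which is the behaviour a chrooted
    # process gets from the kernel.
    virtual = posixpath.normpath(virtual)
    real = posixpath.join(posixpath.normpath(jail_root), virtual.lstrip("/"))
    # Defence in depth: re-check containment rather than trusting the mapping.
    if not is_confined(jail_root, real):
        raise JailEscape(f"{requested!r} resolves to {real!r}, outside {jail_root!r}")
    return real


if __name__ == "__main__":
    jail = "/home/alice"  # constructed sample chroot directory
    for req in ("/etc/passwd", "../../etc/passwd", "docs/../report.txt"):
        print(f"{req:22} naive -> {naive_map(jail, req):32} jailed -> {jailed_map(jail, req)}")
```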
Impact: An authenticated remote user could gain access to files on the system located outside of the user's chroot'd directory.
Solution: The vendor has released a patch (in diff format), an AIX installation package, and instructions on how to perform the update. These are available at:
ftp://ftp.ssh.com/pub/ssh/patches
Commercial and non-commercial customers can apply the source diff file to the 3.2.0 release source code and create binaries for 3.2.1.
SSH notes that the installation package binaries require a license.dat file, which is available to all 3.2.0 customers on their installation CD or in the package they downloaded from the SSH e-commerce site.
SSH strongly recommends that affected users update their software immediately.
Vendor URL: www.ssh.com/products/ssh/advisories/AIX-chroot.cfm
Cause: Access control error
Underlying OS: UNIX (AIX)
Message History:
None.
Source Message Contents
Date: Fri, 26 Jul 2002 11:58:27 -0400
Subject: SSH Secure Shell 3.2.0 for AIX Vulnerability
http://www.ssh.com/products/ssh/advisories/AIX-chroot.cfm
SSH has released a security advisory warning of a vulnerability in SSH
Secure Shell for Servers & Secure Shell for Workstations, version 3.2.0
only. Only customers using AIX platforms with chroot functionality are
affected.
According to the report, there is 'incorrect code' in 3.2.0 on AIX when
chroot functionality is used that allows all users to have access to all
directories in the server. Normally, chroot functionality limits user
access below a specified directory tree on the server. Access is
typically limited to the user's home directory and its subdirectories.
An authorized remote user could gain access to files on the system
located outside of the user's chroot'd directory.
SSH strongly recommends that affected users update their software
immediately.
The vendor has released a patch (in diff format), an AIX installation
package, and instructions on how to perform the update. These are
available at:
ftp://ftp.ssh.com/pub/ssh/patches
Commercial and non-commercial customers can apply the source diff file
to the 3.2.0 release source code and create binaries for 3.2.1.
SSH notes that the installation package binaries require a license.dat
file, which is available to all 3.2.0 customers on their installation CD
or on the package they have downloaded from our e-commerce site.