SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Security)  >  OpenSSH Vendors:  OpenSSH.org
OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
SecurityTracker Alert ID:  1004391
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 28 2002
Impact:  User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 3.2.2 and prior versions
Description:  A vulnerability was reported in OpenSSH when run on OpenBSD and BSD/OS operating systems. A remote user that should be denied access may be able to successfully authenticate to the system, or an authorized remote user may be denied access to the system.

OpenSSH reported that there is a defect in the BSD_AUTH access control handling for OpenBSD and BSD/OS systems.

According to the report, systems using YP with netgroups in the password database may fail to use the proper password when verifying passwords under certain conditions. The SSH daemon may perform access control list checks for the requested user name but using the password database entry of a different user for authentication. As a result, a user that should be denied access may be able to authenticate successfully while a valid remote user may be denied access.

[Editor's note: The report only mentions OpenBSD and BSD/OS as affected operating systems and does not indicate if any other BSD-based operating systems are affected; we have marked this alert as potentially affecting other BSD-based systems just to be safe, even though that has not been confirmed.]
Impact:  A remote user that is to be denied access by the SSH access control lists may be able to gain access to the system using the password of another user. Also, valide remote users may be incorrectly denied access.
Solution:  The vendor has issued a fixed version (3.2.3), available at:

http://www.openssh.com/
Vendor URL:  www.openssh.org/ (Links to External Site)
Cause:  Authentication error
Underlying OS:  UNIX (BSD/OS), UNIX (FreeBSD), UNIX (NetBSD), UNIX (OpenBSD), UNIX (OS X)
Underlying OS Comments:  Affects BSD-based operating systems
Reported By:  Jonas Eriksson <je@sekure.net>
Message History:   None.

 Source Message Contents
Date:  Mon, 27 May 2002 20:19:29 +0200 (CEST)
From:  Jonas Eriksson <je@sekure.net>
Subject:  OpenSSH 3.2.3 released (fwd)

 



---------- Forwarded message ----------
Date: Thu, 23 May 2002 10:08:08 +0200
From: Markus Friedl <Markus_Friedl@genua.de>
To: announce@openbsd.org
Subject: OpenSSH 3.2.3 released

OpenSSH 3.2.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.2.2:
============================

  This release fixes several problems in OpenSSH 3.2.2:

    - a defect in the BSD_AUTH access control handling for
      OpenBSD and BSD/OS systems:

      Under certain conditions, on systems using YP with netgroups
      in the password database, it is possible that sshd does ACL
      checks for the requested user name but uses the password
      database entry of a different user for authentication. This
      means that denied users might authenticate successfully while
      permitted users could be locked out (OpenBSD PR 2659).

    - login/tty problems on Solaris (bug #245)

    - build problems on Cygwin systems


Changes between OpenSSH 3.1 and OpenSSH 3.2.2:
==============================================

  Security Changes:
  =================

  - fixed buffer overflow in Kerberos/AFS token passing
  - fixed overflow in Kerberos client code
  - sshd no longer auto-enables Kerberos/AFS
  - experimental support for privilege separation,
    see UsePrivilegeSeparation in sshd(8) and
  	  http://www.citi.umich.edu/u/provos/ssh/privsep.html
    for more information.
  - only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger

  Other Changes:
  ==============

  - improved smartcard support (including support for OpenSC,
    see www.opensc.org)
  - improved Kerberos support (including support for MIT-Kerberos V)
  - fixed stderr handling in protocol v2
  - client reports failure if -R style TCP forwarding fails in protocol v2
  - support configuration of TCP forwarding during interactive sessions (~C)
  - improved support for older sftp servers
  - improved support for importing old DSA keys (from ssh.com software).
  - client side suport for PASSWD_CHANGEREQ in protocol v2
  - fixed waitpid race conditions
  - record correct lastlogin time

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC