(Gentoo Issues Fix) Re: Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
|
SecurityTracker Alert ID: 1007806 |
|
SecurityTracker URL: http://securitytracker.com/id/1007806
|
|
CVE Reference:
CAN-2003-0786, CAN-2003-0787
|
Updated: Dec 1 2003
|
Original Entry Date: Sep 25 2003
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Portable Version Only; 3.7p1 and 3.7.1p1
|
Description:
A vulnerability was reported in two specific portable versions of OpenSSH in the PAM implementation. A remote user may be able to execute arbitrary code.
It is reported that there are multiple flaws in the new PAM code in portable OpenSSH versions 3.7p1 and 3.7.1p1. Through at least one of these bugs, a remote user can cause arbitrary code to be executed on the target system when the target system is in a non-standard configuration (with privsep disabled).
The vendor notes that the OpenBSD releases of OpenSSH do not contain this code and, therefore, are not vulnerable. Portable OpenSSH versions prior to 3.6.1p2 are also not affected.
|
Impact:
A remote user may be able to execute arbitrary code on the target system with root privileges.
|
Solution:
Gentoo has issued a fix and recommends that Gentoo Linux users running net-misc/openssh upgrade to openssh-3.7.1_p2 as follows:
emerge sync
emerge openssh
emerge clean
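To decide which hosts need the upgrade first, the following added example (not part of the SecurityTracker entry or the Gentoo announcement) classifies a host from its OpenSSH version banner and its sshd_config. The function names, result labels and sample inputs are constructed for illustration; it assumes sshd uses the first occurrence of a keyword and that UsePrivilegeSeparation defaults to "yes" when unset.

```shell
#!/bin/sh
# Added example: triage for the two portable OpenSSH releases named above.
# Not SecurityTracker or Gentoo code; all sample inputs are constructed.

# Print the version token from a banner such as `ssh -V 2>&1` prints.
openssh_version() {
    case "$1" in
        *OpenSSH_*) ;;
        *) return 1 ;;
    esac
    v=${1#*OpenSSH_}                    # drop everything through "OpenSSH_"
    printf '%s\n' "${v%%[!0-9.p]*}"     # keep digits, dots and the "p" level
}

# Print the effective UsePrivilegeSeparation value from an sshd_config file.
# Assumptions: first occurrence wins, comment lines start with '#', and the
# setting is "yes" when the keyword is absent.
privsep_setting() {
    awk 'tolower($1) == "useprivilegeseparation" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Classify a host: $1 = version banner, $2 = path to sshd_config.
triage() {
    ver=$(openssh_version "$1") || { echo "unknown"; return 0; }
    case "$ver" in
        3.7p1|3.7.1p1) ;;                # the two releases named in the advisory
        *) echo "not-listed"; return 0 ;;
    esac
    if [ "$(privsep_setting "$2")" = "no" ]; then
        echo "affected-privsep-disabled" # the non-standard configuration flagged as remote
    else
        echo "affected"                  # still needs the fixed openssh-3.7.1_p2
    fi
}

# Constructed demonstration input.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '# constructed sshd_config' 'Port 22' 'UsePrivilegeSeparation no' > "$cfg"
    triage 'OpenSSH_3.7.1p1, SSH protocols 1.5/2.0' "$cfg"
    triage 'OpenSSH_3.7.1p2, SSH protocols 1.5/2.0' "$cfg"
    rm -f "$cfg"
}
demo
```

A result of "not-listed" only means the version is not one of the two releases named in this entry.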
|
Vendor URL: www.openssh.com/txt/sshpam.adv
|
Cause:
State error
|
Underlying OS:
Linux (Gentoo)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 23 Sep 2003 22:25:37 +0200 (CEST)
Subject: [gentoo-announce] GLSA: openssh (200309-14)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
- - - ---------------------------------------------------------------------
PACKAGE : openssh
SUMMARY : multiple vulnerabilities in new PAM code
DATE : 2003-09-23 20:25 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <openssh-3.7.1_p2
FIXED VERSION : >=openssh-3.7.1_p2
CVE :
- - - ---------------------------------------------------------------------
quote from advisory:
"Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple
vulnerabilities in the new PAM code. At least one of these bugs
is remotely exploitable (under a non-standard configuration,
with privsep disabled)."
read the full advisory at:
http://www.openssh.com/txt/sshpam.adv
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.7.1_p2 as follows:
emerge sync
emerge openssh
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/cKxBfT7nyhUpoZMRAmw0AJ92FPN0+E9Sm30c8B8rjF31/gQ7UwCcCWmi
ZSsCQAtKpTlq4M/KTdfMQ5M=
=mEO/
-----END PGP SIGNATURE-----