Category:   Application (Security)  >   OpenSSH
Vendors:   OpenSSH.org
(Trustix Issues Fix) Re: Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
SecurityTracker Alert ID:  1007833
SecurityTracker URL:  http://securitytracker.com/id/1007833
CVE Reference:   CAN-2003-0786, CAN-2003-0787   (Links to External Site)
Updated:  Dec 1 2003
Original Entry Date:  Sep 30 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Portable Version Only; 3.7p1 and 3.7.1p1
Description:   A vulnerability was reported in two specific portable versions of OpenSSH in the PAM implementation. A remote user may be able to execute arbitrary code.

It is reported that there are multiple flaws in the new PAM code in portable OpenSSH versions 3.7p1 and 3.7.1p1. In at least one bug, a remote user can cause arbitrary code to be executed on the target system when the target system is in a non-standard configuration (with privsep disabled).

The vendor notes that the OpenBSD releases of OpenSSH do not contain this code and, therefore, are not vulnerable. Portable OpenSSH versions prior to 3.6.1p2 are also not affected.
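A triage check for the conditions described above, as an added example that is not part of the original advisory or of OpenSSH: it tests a version banner against the two listed portable releases and reads the effective `UsePrivilegeSeparation` value from an sshd_config file. The function names and sample inputs are constructed for illustration; treating an absent keyword as "yes" is an assumption based on the advisory calling disabled privsep non-standard.

```shell
#!/bin/sh
# Added example: flag hosts that match the advisory's conditions.
# Version banners and config lines used here are constructed samples.

# Succeeds only for the two portable releases named in the advisory.
# Non-portable (OpenBSD) version strings carry no "pN" suffix and do not match.
is_listed_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9.]*p[0-9][0-9]*\).*/\1/p')
    case "$v" in
        3.7p1|3.7.1p1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the effective UsePrivilegeSeparation value from an sshd_config file.
# Keywords are matched case-insensitively, comment lines are skipped, and
# the first value read for the keyword is the one reported.
# Assumption: an absent keyword is reported as "yes".
privsep_setting() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "useprivilegeseparation" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Combine both checks: $1 is a version banner, $2 an sshd_config path.
assess() {
    if ! is_listed_version "$1"; then
        echo "not-listed"
    elif [ "$(privsep_setting "$2")" = "no" ]; then
        echo "listed-privsep-disabled"   # the code-execution case in the advisory
    else
        echo "listed-privsep-enabled"    # still a listed release: upgrade
    fi
}

# Constructed demonstration input, not taken from a real host.
demo_cfg=$(mktemp)
printf '%s\n' '# constructed sshd_config' 'Port 22' \
    'UsePrivilegeSeparation no' > "$demo_cfg"
assess 'OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b' "$demo_cfg"
rm -f "$demo_cfg"
```

A distribution package that backports fixes keeps its original version string, so a "not-listed" result says nothing about whether vendor updates such as the Trustix packages below have been applied.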

Impact:   A remote user may be able to execute arbitrary code on the target system with root privileges.
Solution:   Trustix has issued a fix, available at:

http://www.trustix.net/pub/Trustix/updates/

Users of the SWUP tool can update automatically using 'swup --upgrade'.

The MD5sums of the packages are:


Vendor URL:  www.openssh.com/txt/sshpam.adv (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Trustix)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 23 2003 Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code



 Source Message Contents

Date:  Mon, 29 Sep 2003 04:19:48 +0200
Subject:  TSLSA-2003-0036 - openssh


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2003-0036

Package name:      openssh
Summary:           Minor bugfixes
Date:              2003-09-27
Affected versions: TSL 1.2, 1.5, 2.0

- --------------------------------------------------------------------------
Package description:
  Ssh (Secure Shell) is a program for logging into a remote machine and for
  executing commands in a remote machine.  It is intended to replace
  rlogin and rsh, and provide secure encrypted communications between
  two untrusted hosts over an insecure network.  X11 connections and
  arbitrary TCP/IP ports can also be forwarded over the secure channel.

  OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
  up to date in terms of security and features, as well as removing all
  patented algorithms to separate libraries (OpenSSL).

Problem description:
  More cleanup patches not believed to be of any security matter, but
  still.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

  You may also use swup for public testing of updates for TSL 2.0 and later:
  
  site {
      class = 0
      location = "http://snow.trustix.org/cloud/rdfs/latest.rdf"
      regexp = ".*"
  }
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>,
  <URI:http://www.trustix.net/errata/trustix-1.5/> and
  <URI:http://www.trustix.net/errata/trustix-2.0/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0036-openssh.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/d4sywRTcg4BxxS0RAhYwAJ0WN5KmwaeNXCnmaxJTGgXV6etUvACeL/lt
Owo0n7fhUCIOqszO4sa5mBs=
=4xHh
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@tslng.org
http://www.tslng.org/mailman/listinfo/tsl-announce

 
 

