__________________________________________________________
S.A.F.E.R. Security Bulletin 980907.EXP.1.1
__________________________________________________________
TITLE : Vulnerability with HP-UX 10.20 and SSH 1.2.25
DATE : September 7, 1998
NATURE : Local compromise (remote under some circumstances)
PLATFORMS : HP-UX 10.20 (possibly other versions of HP-UX)
DETAILS:
A vulnerability exists in HP-UX systems (tested on 10.20 that was converted
to "trusted system") using SSH 1.2.25.
When administrator creates a new user using SAM, no password is assigned,
but a random number is generated which the user needs to input upon first
login.
However, if user connects via SSH using newly created username, no password
authentication is performed and user automatically drops into shell.
This can be especially dangerous on systems where users are added on a
daily basis (universities for example) and other users aware of this bug
could gain access to newly created accounts (remote users could gain
information about new users using finger command, for example).
FIXES:
SSH 1.2.26 is available for over a month now (this problem has been fixed).
Also, version 2.0 of SSH is released (completely rewritten).
They are available for download at: ftp://ftp.cs.hut.fi/pub/ssh/
__________________________________________________________
S.A.F.E.R. - Security Alert For Entreprise Resources
Copyright (c) 1998 Siam Relay Ltd.
http://siamrelay.com/safer --- securityat_private
__________________________________________________________
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:43 PDT