__________________________________________________________ S.A.F.E.R. Security Bulletin 980907.EXP.1.1 __________________________________________________________ TITLE : Vulnerability with HP-UX 10.20 and SSH 1.2.25 DATE : September 7, 1998 NATURE : Local compromise (remote under some circumstances) PLATFORMS : HP-UX 10.20 (possibly other versions of HP-UX) DETAILS: A vulnerability exists in HP-UX systems (tested on 10.20 that was converted to "trusted system") using SSH 1.2.25. When administrator creates a new user using SAM, no password is assigned, but a random number is generated which the user needs to input upon first login. However, if user connects via SSH using newly created username, no password authentication is performed and user automatically drops into shell. This can be especially dangerous on systems where users are added on a daily basis (universities for example) and other users aware of this bug could gain access to newly created accounts (remote users could gain information about new users using finger command, for example). FIXES: SSH 1.2.26 is available for over a month now (this problem has been fixed). Also, version 2.0 of SSH is released (completely rewritten). They are available for download at: ftp://ftp.cs.hut.fi/pub/ssh/ __________________________________________________________ S.A.F.E.R. - Security Alert For Entreprise Resources Copyright (c) 1998 Siam Relay Ltd. http://siamrelay.com/safer --- securityat_private __________________________________________________________
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:43 PDT