Security Update: [CSSA-2001-023.0] Linux - openssh cookie file problem

From: Support Info (supinfoat_private)
Date: Tue Jul 03 2001 - 11:40:23 PDT


    ______________________________________________________________________________
                   Caldera International, Inc.  Security Advisory
    
    Subject:                Linux - openssh cookie file problem
    Advisory number:        CSSA-2001-023.0
    Issue date:             2001 July, 03
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
       Due to unsafe temporary directory usage, a local attacker
       could remove any file called 'cookies' on the system.
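       As an added example (not part of this advisory and not OpenSSH's own code), the following C program shows the defensive pattern for a per-session temporary cookie file: a private mkdtemp() directory, O_EXCL|O_NOFOLLOW creation, and an lstat() ownership and symlink check before the file is unlinked. The /tmp/ssh-XXXXXX template and the function names are assumptions.

```c
/* Added example, not Caldera's or OpenSSH's own code: one safe way to handle a
   per-session temporary "cookies" file. The directory comes from mkdtemp()
   (mode 0700, unpredictable name), the file is created with O_EXCL|O_NOFOLLOW,
   and cleanup refuses to unlink anything that is a symlink, not a regular file,
   or not owned by the calling user. The /tmp/ssh-XXXXXX pattern is assumed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a regular file owned by us and not a symlink, else 0.
   lstat() is used so a planted link is inspected, not followed. */
int is_safe_to_remove(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    if (S_ISLNK(st.st_mode) || !S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != getuid()) return 0;
    return 1;
}

/* Create the private directory and the cookie file inside it.
   Writes both paths to the caller's buffers; returns 0 on success. */
int create_cookie_file(char *dir, size_t dirlen, char *file, size_t filelen) {
    char tmpl[] = "/tmp/ssh-XXXXXX";   /* constructed template (assumption) */
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(dir, dirlen, "%s", tmpl);
    snprintf(file, filelen, "%s/cookies", tmpl);
    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Remove the cookie file only after the check, then the directory.
   Returns 0 on success, -1 if the check or any call fails. */
int remove_cookie_file(const char *dir, const char *file) {
    if (!is_safe_to_remove(file)) return -1;
    if (unlink(file) != 0) return -1;
    return rmdir(dir) == 0 ? 0 : -1;
}

/* Full lifecycle: returns 0 when create and checked cleanup both succeed. */
int cookie_demo(void) {
    char dir[64], file[80];
    if (create_cookie_file(dir, sizeof dir, file, sizeof file) != 0) return -1;
    return remove_cookie_file(dir, file);
}
```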
    
    2. Vulnerable Versions
    
       System                       Package
       -----------------------------------------------------------
       OpenLinux 2.3                not vulnerable
    
       OpenLinux eServer 2.3.1      All packages previous to
       and OpenLinux eBuilder       openssh-2.9p2-3
    
       OpenLinux eDesktop 2.4       not vulnerable
    
       OpenLinux 3.1 Server         All packages previous to
                                    openssh-2.9p2-3
    
       OpenLinux 3.1 Workstation    All packages previous to
                                    openssh-2.9p2-3
    
    3. Solution
    
       Workaround
    
          none
    
       The proper solution is to upgrade to the latest packages.
    
    4. OpenLinux 2.3
    
           not vulnerable
    
    5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
    
       5.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/SRPMS
    
       5.2 Verification
    
           34fbb2815f03c432492720d28f0db39d  RPMS/openssh-2.9p2-3.i386.rpm
           ee99b7b586166416601b4a0d4f90164d  RPMS/openssh-askpass-2.9p2-3.i386.rpm
           66c4ccbc757c7fc3f0d9edd50ce4444b  RPMS/openssh-server-2.9p2-3.i386.rpm
           f07dbad19313f6ae41329115ceda1bf4  SRPMS/openssh-2.9p2-3.src.rpm
    
       5.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
              /etc/rc.d/init.d/sshd stop
              rpm -Fvh openssh*.i386.rpm
              /etc/rc.d/init.d/sshd start
    
    6. OpenLinux eDesktop 2.4
    
           not vulnerable
    
    7. OpenLinux 3.1 Server
    
       7.1 Location of Fixed Packages
    
       The upgrade packages can be found on Caldera's FTP site at:
    
       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/
    
       The corresponding source code package can be found at:
    
       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
       7.2 Verification
    
           af280d6cc5b6fb7d9f9be1511bd4aa40  RPMS/openssh-2.9p2-3.i386.rpm
           346dfd71190bbbe59d4ae0bc2f582011  RPMS/openssh-askpass-2.9p2-3.i386.rpm
           6fadeb3261714e130ccd0d69d40871a1  RPMS/openssh-server-2.9p2-3.i386.rpm
           f07dbad19313f6ae41329115ceda1bf4  SRPMS/openssh-2.9p2-3.src.rpm
    
       7.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
               rpm -Fvh openssh*i386.rpm
    
           or start kcupdate, the Caldera OpenLinux Update Manager.
    
    8. OpenLinux 3.1 Workstation
    
       8.1 Location of Fixed Packages
    
       The upgrade packages can be found on Caldera's FTP site at:
    
       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS/
    
       The corresponding source code package can be found at:
    
       ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
    
       8.2 Verification
    
           af280d6cc5b6fb7d9f9be1511bd4aa40  RPMS/openssh-2.9p2-3.i386.rpm
           346dfd71190bbbe59d4ae0bc2f582011  RPMS/openssh-askpass-2.9p2-3.i386.rpm
           6fadeb3261714e130ccd0d69d40871a1  RPMS/openssh-server-2.9p2-3.i386.rpm
           f07dbad19313f6ae41329115ceda1bf4  SRPMS/openssh-2.9p2-3.src.rpm
    
       8.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
               rpm -Fvh openssh*i386.rpm
    
           or start kcupdate, the Caldera OpenLinux Update Manager.
    
    9. References
    
       This and other Caldera security resources are located at:
    
       http://www.caldera.com/support/security/index.html
    
       This security fix closes Caldera's internal Problem Reports 10114 and
       10157.
    
    10. Disclaimer
    
       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through our
       security advisories. Our advisories are a service to our customers
       intended to promote secure installation and use of Caldera OpenLinux.
    
    11. Acknowledgements
    
       Caldera International wishes to thank zen-parse for reporting this
       problem and the OpenSSH folks for providing a timely fix.
    ______________________________________________________________________________
    



    This archive was generated by hypermail 2b30 : Wed Jul 04 2001 - 11:44:03 PDT