RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Stephanie Thomas (customer.serviceat_private)
Date: Wed Jul 25 2001 - 13:58:32 PDT

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.8] OpenServer: /etc/popper buffer overflow"

Previous message: David Maxwell: "Re: Telnetd AYT overflow scanner"
In reply to: Vega, Cesar: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Cesar,

We have not tested SSH Secure Shell 3.0.0 on AIX 4.2.1 for 
this vulnerability, so I cannot verify that one.

The HP-UX issue is a little more complex, however.

SSH Secure Shell 3.0.0 has proven vulnerable when running on 
HP-UX 10.20 and 11.00 (trusted AND untrusted) 
in the following, NON-DEFAULT situation:

- The password field of /etc/passwd is modified to
contain two characters

While this is a situation which does not occur natively in
HP-UX 10.20 or 11.00, we have listed them as affected because
there may be situations where this could occur.  One which comes
immediately to mind is the installation of some third-party
software which modifies /etc/passwd .  Another is improper 
editing of the /etc/passwd - perhaps by someone who is very
familiar with Solaris, for example, and puts 'NP' in the password
field.

All told, we felt it was best to list HP-UX 10.20 and 11.00 as
affected by this vulnerability of SSH Secure Shell 3.0.0 
in the face of these possibilities.

Best Regards,

Steph

-----Original Message-----
From: Vega, Cesar [mailto:cesar.vegaat_private]
Sent: Wednesday, July 25, 2001 1:01 PM
To: Stephanie Thomas; bugtraqat_private
Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0


Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as
Trusted System.

Cordial Greetings,

CVC

#  -----Original Message-----
#  From: Stephanie Thomas [mailto:customer.serviceat_private]
#  Sent: Wednesday, July 25, 2001 11:18 AM
#  To: Emre Yildirim; bugtraqat_private
#  Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#  
#  
#  Hi Emre,
#  
#  We have tested OpenBSD and NetBSD, and have found
#  that they do not experience this vulnerability, 
#  even with ssh 3.0.0 installed.
#  
#  This is most likely due to the method used to encrypt the 
#  password in /etc/passwd or /etc/shadow.
#  
#  Best Regards,
#  
#  Steph
#  
#  -----Original Message-----
#  From: Emre Yildirim [mailto:emreat_private]
#  Sent: Monday, July 23, 2001 5:12 PM
#  To: bugtraqat_private
#  Cc: customer.serviceat_private
#  Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#  
#  
#  
#  > SSH Secure Shell 3.0.0 does not ship with any
#  > of the operating systems mentioned, nor does the
#  > announcement specify that it does. However, if a
#  > user has explicitly installed SSH Secure Shell 3.0.0
#  > on any of the listed operating systems, they are
#  > vulnerable to this potential exploit.
#  >
#  
#  I don't want to drag this boring thread any longer, but in
#  your advisory, it stated that OpenBSD and NetBSD were
#  not vulnerable.  So...if I install SSH 3.0.0 on one of those
#  (even though the already come with openssh), ssh will not
#  be vulnerable to this bug?  Or will it?  I think that part
#  created a little confusion.
#  
#  
#  Cheers
#  
#  
#

Next message: sco-securityat_private: "Security Update: [CSSA-2001-SCO.8] OpenServer: /etc/popper buffer overflow"
Previous message: David Maxwell: "Re: Telnetd AYT overflow scanner"
In reply to: Vega, Cesar: "RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:15:29 PDT