Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability

From: securityat_private
Date: Tue Mar 12 2002 - 14:48:40 PST

Next message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage"

Previous message: Florian Hobelsberger / BlueScreen: "Marcus S. Xenakis "directory.php" allows arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private scoannmodat_private

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		OpenServer: OpenSSH channel code vulnerability
Advisory number: 	CSSA-2002-SCO.10
Issue date: 		2002 March 12
Cross reference:
___________________________________________________________________________


1. Problem Description

	A  bug exists in the  channel code  of  OpenSSH  versions  2.0
	though 3.0.2.

	Existing users can use this bug  to gain root privileges.  The
	ability to exploit this vulnerability without an existing user
	account  has  not  yet  been  proven,  but  it  is  considered
	possible.  A  malicious ssh server could also  use this bug to
	exploit a connecting vulnerable client.
						

2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	OpenServer		<= 5.0.6a	all ssh distribution files


3. Workaround

	None.


4. OpenServer

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/


  4.2 Verification

	MD5 (openssh-3.1p1-VOLS.tar) = 8e99c00aa99c12b48cc4fcc4578c9923

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download openssh-3.1p1-VOLS.tar to the /tmp directory

	# cd /tmp
	# tar xvf openssh-3.1p1-VOLS.tar

	Run the custom command, specify an install from media  images,
	and specify the /tmp directory as the location of the images.


5. References

	http://www.pine.nl/advisories/pine-cert-20020301.txt

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr861336, fz520315, erg711984.


6. Disclaimer

	Caldera International, Inc. is not  responsible for the misuse
	of  any of  the  information we provide on  our website and/or
	through our  security advisories. Our advisories are a service
	to  our customers  intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Joost  Pol  <joostat_private>  discovered  and  researched  this
	vulnerability.

___________________________________________________________________________

application/pgp-signature attachment: stored

Next message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage"
Previous message: Florian Hobelsberger / BlueScreen: "Marcus S. Xenakis "directory.php" allows arbitrary code execution"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 17:55:59 PST