Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability

From: securityat_private
Date: Tue Mar 12 2002 - 16:33:04 PST

Next message: Support Info: "Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp"

Previous message: Guy Poizat: "Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: bugtraqat_private announceat_private scoannmodat_private


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number: 	CSSA-2002-SCO.11
Issue date: 		2002 March 12
Cross reference:	CSSA-2002-SCO.10
___________________________________________________________________________


1. Problem Description

	A  bug exists in the  channel code  of  OpenSSH  versions  2.0
	though 3.0.2.

	Existing users can use this bug  to gain root privileges.  The
	ability to exploit this vulnerability without an existing user
	account  has  not  yet  been  proven,  but  it  is  considered
	possible.  A  malicious ssh server could also  use this bug to
	exploit a connecting vulnerable client.
						

2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare		7.1.1		all ssh distribution files
	Open UNIX		8.0.0		all ssh distribution files


3. Workaround

	None.


4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/


  4.2 Verification

	MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download openssh-3.1p1.pkg to the /tmp directory

	# pkgadd -d /tmp/openssh-3.1p1.pkg


5. References

	http://www.pine.nl/advisories/pine-cert-20020301.txt

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr861335, fz520314, erg711983.


6. Disclaimer

	Caldera International, Inc. is not  responsible for the misuse
	of  any of  the  information we provide on  our website and/or
	through our  security advisories. Our advisories are a service
	to  our customers  intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Joost  Pol  <joostat_private>  discovered  and  researched  this
	vulnerability.

___________________________________________________________________________

application/pgp-signature attachment: stored

Next message: Support Info: "Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp"
Previous message: Guy Poizat: "Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 18:22:03 PST