Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability

From: securityat_private
Date: Fri Mar 29 2002 - 11:56:23 PST

    To: bugtraqat_private announceat_private security-alertsat_private
    
    ______________________________________________________________________________
    		   Caldera International, Inc.  Security Advisory
    
    Subject:		Linux: OpenSSH channel code vulnerability
    Advisory number: 	CSSA-2002-012.0
    Issue date: 		2002, March 28
    Cross reference:
    ______________________________________________________________________________
    
    
    1. Problem Description
    
       A bug exists in the channel code of OpenSSH versions 2.0 through 3.0.2.
       Existing users can use this bug to gain root privileges. The ability
       to exploit this vulnerability without an existing user account has not
       yet been proven, but it is considered possible. A malicious ssh server
       could also use this bug to exploit a connecting vulnerable client.
    
    
    2. Vulnerable Supported Versions
    
       System                        Package
       -----------------------------------------------------------
       OpenLinux Server 3.1          All packages previous to
                                     openssh-2.9p2

       OpenLinux Workstation 3.1     All packages previous to
                                     openssh-2.9p2

       OpenLinux Server 3.1.1        All packages previous to
                                     openssh-2.9.9p2

       OpenLinux Workstation 3.1.1   All packages previous to
                                     openssh-2.9.9p2
       
    
    
    3. Solution
    
       Workaround
    
         none
    
       The proper solution is to upgrade to the latest packages.
    
    
    4. OpenLinux 3.1 Server
    
        4.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
    
       4.2 Verification
    
           f628846edca7e40cebf0174d4a02abb9  RPMS/openssh-2.9p2-5.i386.rpm
           
       4.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh openssh-2.9p2-5.i386.rpm
             
    
    5. OpenLinux 3.1 Workstation
    
        5.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
    
       5.2 Verification
    
           f628846edca7e40cebf0174d4a02abb9  RPMS/openssh-2.9p2-5.i386.rpm
           
       5.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh openssh-2.9p2-5.i386.rpm
             
    
    6. OpenLinux 3.1.1 Server
    
        6.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS
    
       6.2 Verification
    
           523a21268ec04feb84feaf8a8b41bb3c  RPMS/openssh-2.9.9p2-3.i386.rpm
           
       6.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh openssh-2.9.9p2-3.i386.rpm
             
    
    7. OpenLinux 3.1.1 Workstation
    
        7.1 Location of Fixed Packages
    
           The upgrade packages can be found on Caldera's FTP site at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/RPMS
    
           The corresponding source code package can be found at:
    
           ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current/SRPMS
    
       7.2 Verification
    
           523a21268ec04feb84feaf8a8b41bb3c  RPMS/openssh-2.9.9p2-3.i386.rpm
           
       7.3 Installing Fixed Packages
    
           Upgrade the affected packages with the following commands:
    
             rpm -Fvh openssh-2.9.9p2-3.i386.rpm
             
    
    
    8. References
    
       Specific references for this advisory:
    
    	none
    
    
       Caldera OpenLinux security resources:
    
    	http://www.caldera.com/support/security/index.html
    
       Caldera UNIX security resources:
    
    	http://stage.caldera.com/support/security/
    
    
    
       This security fix closes Caldera incidents sr861333, fz520313,
       erg711982.
    
    
    9. Disclaimer
    
       Caldera International, Inc. is not responsible for the misuse of
       any of the information we provide on this website and/or through
       our security advisories. Our advisories are a service to our
       customers intended to promote secure installation and use of
       Caldera International products.
    
    
    10. Acknowledgements
    
       Joost Pol <joostat_private> discovered and researched this vulnerability.
    ______________________________________________________________________________
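
The verify-then-install sequence of sections 4 through 7, as an added shell example (not part of Caldera's advisory): it compares a downloaded file's MD5 against the value listed under Verification and only then runs the advisory's `rpm -Fvh`. The function names and the `RPM` override variable are assumptions of this example, and `md5sum` from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Caldera's code. Usage: sh verify_upgrade.sh FILE.rpm ...

# MD5 values copied from the advisory's Verification sections (4.2-7.2).
advisory_md5() {
    case "$(basename "$1")" in
        openssh-2.9p2-5.i386.rpm)   echo f628846edca7e40cebf0174d4a02abb9 ;;
        openssh-2.9.9p2-3.i386.rpm) echo 523a21268ec04feb84feaf8a8b41bb3c ;;
        *) return 1 ;;              # not a package named in this advisory
    esac
}

# check_package FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or no
# checksum is known for it.
check_package() {
    file=$1
    if [ -n "$2" ]; then
        expected=$2
    else
        expected=$(advisory_md5 "$file") || return 2
    fi
    [ -r "$file" ] || return 2
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# upgrade_if_verified FILE...
# Freshens each package only after its checksum matches; stops at the first
# failure. RPM is a hypothetical override (e.g. RPM=echo for a dry run).
upgrade_if_verified() {
    for pkg in "$@"; do
        if check_package "$pkg"; then
            ${RPM:-rpm} -Fvh "$pkg" || return 1
        else
            echo "refusing to install $pkg: checksum check failed" >&2
            return 1
        fi
    done
}

if [ "$#" -gt 0 ]; then
    upgrade_if_verified "$@"
fi
```
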
    
    
    


