[ObReminder: Please do not configure vacation(1) or procmail(1) or outlook "out of office autoreplies" to respond to Precedence: Bulk mail or other public mail lists. Please do not configure your virus scanners to trigger on -any- attachments; a GPG signature is not a virus. Thanks.] ----------------------------------------------------------------------- Immunix Secured OS Security Advisory Packages updated: openssh Affected products: Immunix OS 7+ Bugs fixed: CAN-2003-0693 Date: Tue Sep 16 2003 Advisory ID: IMNX-2003-7+-020-01 Author: Seth Arnold <sarnoldat_private> ----------------------------------------------------------------------- Description: A vulnerability has been reported in OpenSSH that is rumoured to be remotely exploitable for root privileges, even in the face of privsep. The bug is in the buffer_append_space() function, which operates on Buffer structs; these structs have a buffer initialized through malloc(), so StackGuard is unlikely to have any impact on any potential exploits. The vulnerability comes when the fatal() function calls cleanup handlers that rely on potentially corrupted data. This patch corrects buffer_append_space() to maintain consistent state. References: http://www.openssh.com/txt/buffer.adv http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693 Package names and locations: Precompiled binary packages for Immunix 7+ are available at: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-3.4p1-1_imnx_11.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-askpass-3.4p1-1_imnx_11.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-clients-3.4p1-1_imnx_11.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-server-3.4p1-1_imnx_11.i386.rpm Immunix OS 7+ md5sums: 50e8edbfe40d74b7c6689c08b2aa11de openssh-3.4p1-1_imnx_11.i386.rpm ac1a6f128c7476530ba081ff4da814f1 openssh-askpass-3.4p1-1_imnx_11.i386.rpm cac82740907f43ee584370e018ac1b90 openssh-clients-3.4p1-1_imnx_11.i386.rpm 09f2838278b8fd633745998c73d4ef2d openssh-server-3.4p1-1_imnx_11.i386.rpm GPG verification: Our public keys are available at http://download.immunix.org/GPG_KEY Immunix, Inc., has changed policy with GPG keys. We maintain several keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for Immunix 7.3 package signing, and 1B7456DA for general security issues. NOTE: Ibiblio is graciously mirroring our updates, so if the links above are slow, please try: ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/ or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html ImmunixOS 6.2 is no longer officially supported. ImmunixOS 7.0 is no longer officially supported. Contact information: To report vulnerabilities, please contact securityat_private Immunix attempts to conform to the RFP vulnerability disclosure protocol http://www.wiretrip.net/rfp/policy.html.
This archive was generated by hypermail 2b30 : Tue Sep 16 2003 - 12:31:12 PDT