Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability
From: security () caldera com
Date: Tue, 12 Mar 2002 16:33:04 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number:        CSSA-2002-SCO.11
Issue date:             2002 March 12
Cross reference:        CSSA-2002-SCO.10
___________________________________________________________________________


1. Problem Description

        A  bug exists in the  channel code  of  OpenSSH  versions  2.0
        though 3.0.2.

        Existing users can use this bug  to gain root privileges.  The
        ability to exploit this vulnerability without an existing user
        account  has  not  yet  been  proven,  but  it  is  considered
        possible.  A  malicious ssh server could also  use this bug to
        exploit a connecting vulnerable client.
                                                

2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare                7.1.1           all ssh distribution files
        Open UNIX               8.0.0           all ssh distribution files


3. Workaround

        None.


4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/


  4.2 Verification

        MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download openssh-3.1p1.pkg to the /tmp directory

        # pkgadd -d /tmp/openssh-3.1p1.pkg


5. References

        http://www.pine.nl/advisories/pine-cert-20020301.txt

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr861335, fz520314, erg711983.


6. Disclaimer

        Caldera International, Inc. is not  responsible for the misuse
        of  any of  the  information we provide on  our website and/or
        through our  security advisories. Our advisories are a service
        to  our customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Joost  Pol  <joost () pine nl>  discovered  and  researched  this
        vulnerability.

___________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability security (Mar 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]