Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca


___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number: 	CSSA-2002-SCO.11
Issue date: 		2002 March 12
Cross reference:	CSSA-2002-SCO.10
___________________________________________________________________________


1. Problem Description

	A  bug exists in the  channel code  of  OpenSSH  versions  2.0
	though 3.0.2.

	Existing users can use this bug  to gain root privileges.  The
	ability to exploit this vulnerability without an existing user
	account  has  not  yet  been  proven,  but  it  is  considered
	possible.  A  malicious ssh server could also  use this bug to
	exploit a connecting vulnerable client.
						

2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare		7.1.1		all ssh distribution files
	Open UNIX		8.0.0		all ssh distribution files


3. Workaround

	None.


4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/


  4.2 Verification

	MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

	md5 is available for download from
		ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	Download openssh-3.1p1.pkg to the /tmp directory

	# pkgadd -d /tmp/openssh-3.1p1.pkg


5. References

	http://www.pine.nl/advisories/pine-cert-20020301.txt

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr861335, fz520314, erg711983.


6. Disclaimer

	Caldera International, Inc. is not  responsible for the misuse
	of  any of  the  information we provide on  our website and/or
	through our  security advisories. Our advisories are a service
	to  our customers  intended to promote secure installation and
	use of Caldera International products.


7. Acknowledgements

	Joost  Pol  <joost@pine.nl>  discovered  and  researched  this
	vulnerability.

___________________________________________________________________________

Attachment: pgp00099.pgp
Description: PGP signature

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux