-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security@xxxxxxxxxxx openpkg@xxxxxxxxxxx OpenPKG-SA-2005.019 06-Sep-2005 ________________________________________________________________________ Package: openssh Vulnerability: privilege escalation OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= openssh-4.1p1-20050812 >= openssh-4.2p1-20050901 OpenPKG 2.4 <= openssh-4.1p1-2.4.0 >= openssh-4.1p1-2.4.1 OpenPKG 2.3 none N.A. Dependent Packages: none Description: A security bug introduced in OpenSSH [1] version 4.0 caused gateway ports (SSH client command line option "-o 'GatewayPorts yes'") to be accidentally activated for dynamic port forwardings (SSH client command line option "-D [address:]port") when the listen address was not explicitly specified. As a result, the SSH client performed a wildcard bind for the listening socket on the SSH client machine instead of a bind to just "localhost". This way the dynamic port forwardings can be accessed also from outside the SSH client machine. Please check whether you are affected by running "<prefix>/bin/rpm -q openssh". If you have the "openssh" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution). [2][3] Solution: Select the updated source RPM appropriate for your OpenPKG release [4], fetch it from the OpenPKG FTP service [5] or a mirror location, verify its integrity [6], build a corresponding binary RPM from it [2] and update your OpenPKG installation by applying the binary RPM [3]. For the most recent release OpenPKG 2.4, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd current/SRC ftp> get openssh-4.1p1-2.4.1.src.rpm ftp> bye $ <prefix>/bin/rpm --rebuild openssh-4.1p1-2.4.1.src.rpm $ su - # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssh-4.1p1-2.4.1.*.rpm ________________________________________________________________________ References: [1] http://www.openssh.com/ [2] http://www.openpkg.org/tutorial.html#regular-source [3] http://www.openpkg.org/tutorial.html#regular-binary [4] ftp://ftp.openpkg.org/release/2.4/UPD/openssh-4.1p1-2.4.1.src.rpm [5] ftp://ftp.openpkg.org/release/2.4/UPD/ [6] http://www.openpkg.org/security.html#signature ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <openpkg@xxxxxxxxxxx> iD8DBQFDHZi1gHWT4GPEy58RAnrTAJ0dKA35YVj6Tltklch+O0bkXgxQkACg6R4Y IzIjDHb0pjTYiVqySMyBV2w= =/6Zk -----END PGP SIGNATURE-----
