[linux-security] ALERT: Again: possibility of remote root exploit in openssh
- To: linux-security
- Subject: [linux-security] ALERT: Again: possibility of remote root exploit in openssh
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 17 Sep 2003 19:25:25 -0700
- User-Agent: Mutt/1.4.1i
Topic
=====
more DoS attacks or possibly even remote root exploit in openssh
Problem Description
===================
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow
attackers to cause a denial of service or execute arbitrary code using
(1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or
(3) a separate function in channels.c.
These problems are in addition to the similar problems that were reported
recently (see http://www.sfu.ca/~siegert/linux-security/msg00199.html).
Upgrading immediately to a fixed version is strongly advised.
Affected Versions
=================
Versions of openssh prior to 3.7.1p1.
Solution
========
Upgrade to openssh-3.7.1p1 or a patched version for your distribution.
RedHat 7.1
----------
rpm -Fvh openssh-3.1p1-13.i386.rpm \
openssh-clients-3.1p1-13.i386.rpm \
openssh-server-3.1p1-13.i386.rpm \
openssh-askpass-3.1p1-13.i386.rpm \
openssh-askpass-gnome-3.1p1-13.i386.rpm
RedHat 7.2, 7.3
---------------
rpm -Fvh openssh-3.1p1-14.i386.rpm \
openssh-clients-3.1p1-14.i386.rpm \
openssh-server-3.1p1-14.i386.rpm \
openssh-askpass-3.1p1-14.i386.rpm \
openssh-askpass-gnome-3.1p1-14.i386.rpm
RedHat 8.0
----------
rpm -Fvh openssh-3.4p1-7.i386.rpm \
openssh-clients-3.4p1-7.i386.rpm \
openssh-server-3.4p1-7.i386.rpm \
openssh-askpass-3.4p1-7.i386.rpm \
openssh-askpass-gnome-3.4p1-7.i386.rpm
RedHat 9
--------
rpm -Fvh openssh-3.5p1-11.i386.rpm \
openssh-clients-3.5p1-11.i386.rpm \
openssh-server-3.5p1-11.i386.rpm \
openssh-askpass-3.5p1-11.i386.rpm \
openssh-askpass-gnome-3.5p1-11.i386.rpm
Debian 3.0 (woody)
------------------
upgrade to ssh_3.4p1-1.woody.2_i386.deb,
ssh-askpass-gnome_3.4p1-1.woody.2_i386.deb
Mandrake 8.2
------------
rpm -Fvh openssh-3.6.1p2-1.2.82mdk.i586.rpm \
openssh-clients-3.6.1p2-1.2.82mdk.i586.rpm \
openssh-server-3.6.1p2-1.2.82mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.2.82mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.2.82mdk.i586.rpm
Mandrake 9.0
------------
rpm -Fvh openssh-3.6.1p2-1.2.90mdk.i586.rpm \
openssh-clients-3.6.1p2-1.2.90mdk.i586.rpm \
openssh-server-3.6.1p2-1.2.90mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.2.90mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.2.90mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh openssh-3.6.1p2-1.2.91mdk.i586.rpm \
openssh-clients-3.6.1p2-1.2.91mdk.i586.rpm \
openssh-server-3.6.1p2-1.2.91mdk.i586.rpm \
openssh-askpass-3.6.1p2-1.2.91mdk.i586.rpm \
openssh-askpass-gnome-3.6.1p2-1.2.91mdk.i586.rpm
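
Added example, not part of the original advisory: because the distribution packages above carry backported fixes, a host can be patched while still reporting an upstream version below 3.7.1, so the check after upgrading is against the distribution's fixed version-release rather than against 3.7.1p1. The distribution keys (rh7.1, woody, mdk9.1, ...) are labels made up for this script, and it assumes a sort(1) that supports -V (GNU coreutils) as an approximation of rpm/dpkg version ordering.

```shell
#!/bin/sh
# Added example: compare an installed openssh version-release with the fixed
# builds listed in this advisory. Distribution keys are hypothetical labels.

# Fixed version-release per distribution, copied from the advisory text.
fixed_for() {
    case "$1" in
        rh7.1)       echo "3.1p1-13" ;;
        rh7.2|rh7.3) echo "3.1p1-14" ;;
        rh8.0)       echo "3.4p1-7" ;;
        rh9)         echo "3.5p1-11" ;;
        woody)       echo "3.4p1-1.woody.2" ;;
        mdk8.2)      echo "3.6.1p2-1.2.82mdk" ;;
        mdk9.0)      echo "3.6.1p2-1.2.90mdk" ;;
        mdk9.1)      echo "3.6.1p2-1.2.91mdk" ;;
        *)           return 1 ;;
    esac
}

# status DISTRO INSTALLED_VERSION_RELEASE
# Prints "fixed", "vulnerable", or "unknown" (distribution not in the advisory).
status() {
    want=$(fixed_for "$1") || { echo unknown; return 0; }
    # If the fixed build sorts first (or equal), the installed one is >= fixed.
    lowest=$(printf '%s\n%s\n' "$want" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$want" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# On an rpm-based host the installed value can be obtained with:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh-server
# Constructed sample values, not taken from a real host:
status rh7.1 "3.1p1-13"   # fixed, although the upstream version is below 3.7.1
status rh9   "3.5p1-6"    # vulnerable: release predates the fixed -11 build
```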