[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] Alert: remote root exploit in openssh daemon (update: Mandrake, SuSE)
On Fri, Jun 28, 2002 at 12:46:13PM -0700, Martin Siegert wrote:
> Topic
> =====
> remote root exploit in ssh daemon
> Workaround
> ==========
> For versions 2.9p1 and later set in /etc/ssh/sshd_config (or wherever else
> your sshd_config file is located)
>
> ChallengeResponseAuthentication no
> PAMAuthenticationViaKbdInt no
>
> For versions between 2.3.1 and 2.9 set
>
> ChallengeResponseAuthentication no
> KbdInteractiveAuthentication no
>
> and restart sshd after making those changes.
>
> If you are running OpenSSH versions 3.2 or 3.3 the impact of these
> vulnerabilities can be reduced by setting
>
> UsePrivilegeSeparation yes
>
> in /etc/ssh/sshd_config
>
> and restarting sshd. This workaround does not prevent these vulnerabilities
> from being exploited, however due to the privilege separation mechanism, the
> intruder may be limited to a constrained chroot environment with restricted
> privileges. This workaround will not prevent these vulnerabilities from
> creating a denial-of-service condition. Furthermore, privilege separation
> under 2.2 kernels requires and patch to the openssh source code (provided
> by Solar Designer and contained, e.g., in the Mandrake source rpm for their
> 3.3 version). Mandrake has released new RPMs that let you enable
> privilege separation. However, it may be easier to just disable
> ChallengeResponseAuthentication and PAMAuthenticationViaKbdInt and then
> wait until Mandrake releases openssh-3.4 RPMs.
>
> Mandrake 7.1, 7.2, 8.x
> ----------------------
> rpm -Fvh openssh-3.3p1-3.1mdk.i586.rpm \
> openssh-clients-3.3p1-3.1mdk.i586.rpm \
> openssh-server-3.3p1-3.1mdk.i586.rpm \
> openssh-askpass-3.3p1-3.1mdk.i586.rpm \
> openssh-askpass-gnome-3.3p1-3.1mdk.i586.rpm
Solution
========
Mandrake has now released openssh-3.4 RPMs that fix the problem.
Additionally, information for SuSE is provided as well.
(For SuSE 6.4 - 7.3 SuSE provides openssh-2.9.9 patched against the
vulnerabilites mentioned in the advisory; if you happen to have installed
a newer version already, you must use the "--force --nodeps" or "--oldpackage"
options besides the "-Fvh" option).
In all cases you must restart the ssh daemon after installing the RPMs.
Mandrake 7.1, 7.2
-----------------
rpm -Fvh openssh-3.4p1-1.2mdk.i586.rpm \
openssh-clients-3.4p1-1.2mdk.i586.rpm \
openssh-server-3.4p1-1.2mdk.i586.rpm \
openssh-askpass-3.4p1-1.2mdk.i586.rpm \
openssh-askpass-gnome-3.4p1-1.2mdk.i586.rpm
Mandrake 8.x
------------
rpm -Fvh openssh-3.4p1-1.1mdk.i586.rpm \
openssh-clients-3.4p1-1.1mdk.i586.rpm \
openssh-server-3.4p1-1.1mdk.i586.rpm \
openssh-askpass-3.4p1-1.1mdk.i586.rpm \
openssh-askpass-gnome-3.4p1-1.1mdk.i586.rpm
SuSE 6.4
--------
rpm -Fvh openssh-2.9.9p2-100.i386.rpm
SuSE 7.0
--------
rpm -Fvh openssh-2.9.9p2-101.i386.rpm
SuSE 7.1
--------
rpm -Fvh openssh-2.9.9p2-102.i386.rpm
SuSE 7.2
--------
rpm -Fvh openssh-2.9.9p2-103.i386.rpm
SuSE 7.3
--------
rpm -Fvh openssh-2.9.9p2-102.i386.rpm
SuSE 8.0
--------
rpm -Fvh openssh-3.4p1-4.i386.rpm