
[linux-security] ssh1 remote root exploit



Topic
=====
remote root exploit in SSH-1

Problem description
===================
All versions of ssh1 (protocol 1.5) and all versions of ssh2 with
ssh1 compatibility mode except openssh-2.3.0 are vulnerable to a remote
root exploit.
All vulnerable versions should be upgraded immediately.

Affected Systems
================
All systems with ssh1 and/or ssh2 with ssh1 compatibility mode installed.

Solution
========
Upgrade to openssh-2.3.0p1.

For systems that support rpms (RedHat, Caldera, SuSE, Mandrake, etc.)
you can download openssh-2.3.0p1 from http://www.sfu.ca/acs/ssh/ssh-linux.html.
Alternatively, if you mount our distribution from sphinx you will find these
packages in /vol/vol1/distrib/redhat/contrib. These are rpms from the
OpenSSH site (www.openssh.com) and as such they are not special to any
distribution, hence you should be able to use them on any system that supports
rpms (I am using these under RH 6.1, 6.2).

RedHat 6.x
----------
The standard RH 6.x distributions did not come with ssh. If you installed
ssh yourself, check its version (rpm -q openssh). If it is < 2.3.0p1,
upgrade as indicated above.

RedHat 7.0
----------
The version that came with the original distribution is vulnerable. 
If you followed the openssh-advisory from this list (Nov. 14, 2000) and
upgraded to openssh-2.3.0p1 then you are not vulnerable.
If you must upgrade you can either use the upgrade method indicated above
or use the "official" RedHat openssh packages from any RedHat upgrade site,
see http://www.redhat.com/support/errata/RHSA-2000-111.html.

Debian 2.2 (potato)
-------------------
New packages have been released:
Upgrade to ssh-askpass-gnome_1.2.3-9.2_i386.deb and ssh_1.2.3-9.2_i386.deb.
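
The version check from the RedHat sections above (rpm -q openssh, upgrade if < 2.3.0p1), written out as an added shell example that is not part of the original advisory; the function names and the sample package strings are constructed for illustration. It applies only to rpm-style openssh package names: the Debian packages listed above keep the version 1.2.3, so this comparison is not meaningful for them.

```shell
#!/bin/sh
# Added example: is an "rpm -q openssh" result older than the fixed release?
FIXED="2.3.0p1"                     # fixed version named in the advisory

# pkg_version "openssh-2.2.0p1-2" -> "2.2.0p1" (drops name and rpm release)
pkg_version() {
    v=${1#openssh-}
    printf '%s\n' "${v%%-*}"
}

# ver_key "2.3.0p1" -> "2 3 0 1"; fails on anything that is not X.Y[.Z][pN]
ver_key() {
    base=${1%%p*}
    case $1 in *p*) plevel=${1#*p} ;; *) plevel=0 ;; esac
    old_ifs=$IFS; IFS=.; set -f
    set -- $base                    # split the dotted part into fields
    set +f; IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 1
    for n in "$@" "$plevel"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    echo "$1 $2 ${3:-0} $plevel"
}

# needs_upgrade PKG: 0 = older than FIXED, 1 = FIXED or newer, 2 = cannot tell
needs_upgrade() {
    have=$(ver_key "$(pkg_version "$1")") || return 2
    want=$(ver_key "$FIXED")
    set -- $have $want              # $1..$4 installed, $5..$8 fixed
    for i in 1 2 3 4; do
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift                       # move both versions to the next field
    done
    return 1                        # identical to FIXED
}

# report PKG: print a one-word verdict for the package string
report() {
    rc=0; needs_upgrade "$1" || rc=$?
    case $rc in 0) echo "UPGRADE" ;; 1) echo "ok" ;; *) echo "unknown" ;; esac
}

# Constructed sample query results (not taken from the advisory)
for p in openssh-2.2.0p1-2 openssh-2.3.0p1-1 "package openssh is not installed"; do
    printf '%-36s %s\n' "$p" "$(report "$p")"
done
```

On a live host, pass the real query result instead of the samples: report "$(rpm -q openssh)".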