Bugtraq mailing list archives
ssh2 security problem (and patch) (fwd)
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Wed, 30 Dec 1998 00:04:47 +1100
This just came across the ssh list...I've deleted the patch for brievity (original length was some 2900 lines).
From owner-ssh () clinet fi Tue Dec 29 23:13:34 EDT 1998 From: Sami Lehtinen <sjl () ssh fi> MIME-Version: 1.0 Date: Tue, 29 Dec 1998 12:56:52 +0200 (EET) To: ssh () clinet fi Subject: ssh2 security problem (and patch) Message-ID: <13960.46005.391107.110139 () torni ssh fi> Description for the problem and the patch (and it's signature) are attached to this message. -- [sjl () ssh fi -- Sami J. Lehtinen -- sjl () iki fi] [work:+358 9 43543214][gsm:+358 50 5170 258][http://www.iki.fi/~sjl] [SSH Communications Security Ltd. http://www.ssh.fi/]
[...]
sshd2 (version 2.0.11 and older) has a security bug, which allows any eligible user to request remote forwarding from privileged ports without being root. Thanks to Niko Tyni for pointing this one out. Included in this message is a patch that fixes this. It also makes the client print an error message, if remote port forwarding fails. Also, the configure script is a bit revised. It should atleast compile at HP-UX 9.x now (the "/usr/bin/ld: Unsatisfied symbols: vsnprintf (code)" bug should be fixed). This patch works with ssh-2.0.11, atleast. The patch can also be found in http://www.ssh.fi/sshprotocols2/ in a short while. Installing the patch is simple. Go to the sources directory (~/src/ssh-2.0.11/ , or whatever) and give this command % patch -p1 -l ~/patches/patch-ssh-2.0.11 (the filename depends on where you save it, and with what name) Then run configure, make and make install as usual. Restart any sshd2-daemons currently running.
[...patch deleted...]
Current thread:
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
- lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
- Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
- [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)
- Oracle8 TNSLSNR DoS Jason Ackley (Dec 28)
- ssh2 security problem (and patch) (fwd) Darren Reed (Dec 29)
- Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Simson L. Garfinkel (Dec 29)
- Local/remote exploit for SCO UNIX. leshka (Dec 29)
- followup on yahoo pager security problem Neulinger, Nathan R. (Dec 29)
- Nmap 2.02 released (fwd) Chris Tobkin (Dec 29)
- netscan.org - broadcast ICMP list Troy Davis (Dec 29)
- Administrivia Aleph One (Dec 30)