Bugtraq mailing list archives
Security Update: [CSSA-2002-030.0] Linux: OpenSSH Vulnerabilities in Challenge Response Handling
From: security () caldera com
Date: Thu, 27 Jun 2002 11:52:21 -0700
To: bugtraq () securityfocus com, announce () lists caldera com, security-alerts () linuxsecurity com
______________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: OpenSSH Vulnerabilities in Challenge Response Handling
Advisory number: CSSA-2002-030.0
Issue date: 2002 June 27
Cross reference:
______________________________________________________________________________
1. Problem Description
Several vulnerabilities have been reported in OpenSSH if the
S/KEY or BSD Auth features have been enabled, or if
PAMAuthenticationViaKbdInt has been enabled.
2. Vulnerable Supported Versions
System                         Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server         prior to and including openssh-3.2.3p1-2
OpenLinux 3.1.1 Workstation    prior to and including openssh-3.2.3p1-2
OpenLinux 3.1 Server           prior to and including openssh-3.2.3p1-2
OpenLinux 3.1 Workstation      prior to and including openssh-3.2.3p1-2
3. Solution
Caldera OpenLinux OpenSSH has neither the S/KEY nor BSD Auth
features compiled in, so it is not vulnerable to the
Challenge/Response vulnerability.
We do have the ChallengeResponseAuthentication option on by
default, however, so to be safe, we recommend that the option
be disabled (set to no) in the /etc/ssh/sshd_config file.
In addition, the sshd_config PAMAuthenticationViaKbdInt option
is disabled by default, so OpenLinux is not vulnerable to the
other alleged vulnerability in a default configuration,
either. However, Caldera recommends that this option also be
disabled (set to no) if it has been enabled by the system
administrator.
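The following is an added example, not part of the Caldera advisory: a small POSIX shell audit that reads an sshd_config and reports whether the two options named above are disabled, using the defaults the advisory states (ChallengeResponseAuthentication on unless set, PAMAuthenticationViaKbdInt off unless set). The sample config it runs on is constructed; the file path, function names and the assumption that sshd uses the first uncommented occurrence of a keyword are the example's own.

```sh
#!/bin/sh
# Added example, not from the Caldera advisory: audit an sshd_config for the two
# options section 3 says to disable. The sample config at the bottom is constructed.

# sshd_option FILE KEYWORD DEFAULT
# Prints the effective value of KEYWORD (lowercased), or DEFAULT when it is not set.
# sshd honours the first uncommented occurrence of a keyword (assumption, per the
# sshd_config manual), so the scan stops at the first match; both the
# "Keyword value" and "Keyword=value" spellings are accepted.
sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                 # skip comment and blank lines
        { sub(/=/, " ") }                        # normalise Keyword=value form
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print tolower(def) }
    ' "$1"
}

# check_sshd_config FILE
# Returns 0 when both options are off, 1 otherwise, printing each finding.
# Defaults follow the advisory: ChallengeResponseAuthentication is on unless set,
# PAMAuthenticationViaKbdInt is off unless set.
check_sshd_config() {
    rc=0
    cra=$(sshd_option "$1" ChallengeResponseAuthentication yes)
    pam=$(sshd_option "$1" PAMAuthenticationViaKbdInt no)
    [ "$cra" = "no" ] || { echo "ChallengeResponseAuthentication is '$cra': set it to no"; rc=1; }
    [ "$pam" = "no" ] || { echo "PAMAuthenticationViaKbdInt is '$pam': set it to no"; rc=1; }
    return $rc
}

# Demonstration on a constructed config: one option is only commented out (so the
# default of yes still applies) and the other has been switched on by hand.
# On a real system the file to audit is /etc/ssh/sshd_config.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$sample" <<'EOF'
Port 22
# ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt yes
EOF
if check_sshd_config "$sample"; then
    echo "$sample: both options disabled"
else
    echo "$sample: needs changes; restart sshd after editing"
fi
rm -f "$sample"
```

Run it as root against /etc/ssh/sshd_config; a clean result prints nothing from the check and exits 0, so it drops straight into a cron job or configuration check.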
4. References
Specific references for this advisory:
http://www.cert.org/advisories/CA-2002-18.html
Caldera security resources:
http://www.caldera.com/support/security/index.html
5. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.
______________________________________________________________________________