Bugtraq mailing list archives

Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability

From: security () caldera com
Date: Tue, 12 Mar 2002 14:48:40 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: OpenSSH channel code vulnerability
Advisory number:        CSSA-2002-SCO.10
Issue date:             2002 March 12
Cross reference:
___________________________________________________________________________


1. Problem Description

        A  bug exists in the  channel code  of  OpenSSH  versions  2.0
        though 3.0.2.

        Existing users can use this bug  to gain root privileges.  The
        ability to exploit this vulnerability without an existing user
        account  has  not  yet  been  proven,  but  it  is  considered
        possible.  A  malicious ssh server could also  use this bug to
        exploit a connecting vulnerable client.
                                                

2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       all ssh distribution files


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/


  4.2 Verification

        MD5 (openssh-3.1p1-VOLS.tar) = 8e99c00aa99c12b48cc4fcc4578c9923

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download openssh-3.1p1-VOLS.tar to the /tmp directory

        # cd /tmp
        # tar xvf openssh-3.1p1-VOLS.tar

        Run the custom command, specify an install from media  images,
        and specify the /tmp directory as the location of the images.


5. References

        http://www.pine.nl/advisories/pine-cert-20020301.txt

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr861336, fz520315, erg711984.


6. Disclaimer

        Caldera International, Inc. is not  responsible for the misuse
        of  any of  the  information we provide on  our website and/or
        through our  security advisories. Our advisories are a service
        to  our customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Joost  Pol  <joost () pine nl>  discovered  and  researched  this
        vulnerability.

___________________________________________________________________________

Attachment: _bin
Description:

Current thread:

Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability security (Mar 12)