[OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh)

[OpenPKG <openpkg () openpkg org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security () openpkg org                         openpkg () openpkg org
OpenPKG-SA-2005.019                                          06-Sep-2005
________________________________________________________________________

Package:             openssh
Vulnerability:       privilege escalation
OpenPKG Specific:    no

Affected Releases:   Affected Packages:        Corrected Packages:
OpenPKG CURRENT      <= openssh-4.1p1-20050812 >= openssh-4.2p1-20050901 
OpenPKG 2.4          <= openssh-4.1p1-2.4.0    >= openssh-4.1p1-2.4.1    
OpenPKG 2.3          none                      N.A.

Dependent Packages:  none

Description:
  A security bug introduced in OpenSSH [1] version 4.0 caused gateway
  ports (SSH client command line option "-o 'GatewayPorts yes'") to
  be accidentally activated for dynamic port forwardings (SSH client
  command line option "-D [address:]port") when the listen address
  was not explicitly specified. As a result, the SSH client performed
  a wildcard bind for the listening socket on the SSH client machine
  instead of a bind to just "localhost". This way the dynamic port
  forwardings can be accessed also from outside the SSH client machine.

  Please check whether you are affected by running "<prefix>/bin/rpm -q
  openssh". If you have the "openssh" package installed and its version
  is affected (see above), we recommend that you immediately upgrade it
  (see Solution). [2][3]

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [4], fetch it from the OpenPKG FTP service [5] or a mirror location,
  verify its integrity [6], build a corresponding binary RPM from it
  [2] and update your OpenPKG installation by applying the binary RPM
  [3]. For the most recent release OpenPKG 2.4, perform the following
  operations to permanently fix the security problem (for other releases
  adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd current/SRC
  ftp> get openssh-4.1p1-2.4.1.src.rpm
  ftp> bye
  $ <prefix>/bin/rpm --rebuild openssh-4.1p1-2.4.1.src.rpm
  $ su -
  # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssh-4.1p1-2.4.1.*.rpm
________________________________________________________________________

References:
  [1] http://www.openssh.com/
  [2] http://www.openpkg.org/tutorial.html#regular-source
  [3] http://www.openpkg.org/tutorial.html#regular-binary
  [4] ftp://ftp.openpkg.org/release/2.4/UPD/openssh-4.1p1-2.4.1.src.rpm
  [5] ftp://ftp.openpkg.org/release/2.4/UPD/
  [6] http://www.openpkg.org/security.html#signature
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg () openpkg org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg () openpkg org>

iD8DBQFDHZi1gHWT4GPEy58RAnrTAJ0dKA35YVj6Tltklch+O0bkXgxQkACg6R4Y
IzIjDHb0pjTYiVqySMyBV2w=
=/6Zk
-----END PGP SIGNATURE-----