Gentoo alert OpenSSH-20020627 (OpenSSH)

From:  Seemant Kulleen <seemant@gentoo.org>
To:  gentoo-announce@gentoo.org, lwn@lwn.net
Subject:  GLSA: OpenSSH
Date:  Wed, 26 Jun 2002 19:07:17 -0700

-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE : OpenSSH
SUMMARY : security vulnerability in openssh
DATE    : Thu Jun 27 02:03:04 UTC 2002

-----------------------------------------------------------------------

OVERVIEW

This bug can be exploited remotely if ChallengeResponseAuthentication is enabled in sshd_config, allowing attackers to gain superuser access.

DETAIL

A vulnerability exists within the "challenge-response" authentication mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses. It is possible for a remote attacker to send a specially-crafted reply that triggers an overflow. Remote attackers can therefore gain superuser privileges.

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
http://openssh.org/txt/preauth.adv
http://openssh.org/txt/iss.adv

Affected versions are: openssh-3.3_p1 and earlier.

SOLUTION

It is recommended that all Gentoo Linux users who are running openssh update their systems as follows.

    emerge --clean rsync
    emerge openssh
    emerge clean

------------------------------------------------------------------------
lostlogic@gentoo.org
woodchip@gentoo.org
seemant@gentoo.org
drobbins@gentoo.org
------------------------------------------------------------------------
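
A defender-side check for the two conditions the advisory names (an affected openssh version, and ChallengeResponseAuthentication enabled in sshd_config), as an added example that is not part of the Gentoo advisory. The function names, sample config and version strings are constructed; it assumes sshd keeps the first occurrence of a keyword and that the option defaults to "yes" when unset.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Print the effective ChallengeResponseAuthentication value ("yes"/"no").
# Assumptions: sshd keeps the first occurrence of a keyword, keywords are
# case-insensitive, and the option defaults to "yes" when unset.
cra_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "challengeresponseauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed if the version string is openssh 3.3 or earlier (the advisory's
# affected range); return 2 if no major.minor number can be parsed.
is_affected_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$v" ] || return 2
    set -- $v
    [ "$1" -lt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -le 3 ]; }
}

# audit <version string> <path to sshd_config>
audit() {
    rc=0; is_affected_version "$1" || rc=$?
    case $rc in
        1) echo "fixed-version"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if [ "$(cra_setting "$2")" = "no" ]; then
        echo "affected-version, challenge-response disabled: still upgrade"
    else
        echo "affected-version, challenge-response enabled: exposed"
    fi
}

# Constructed sample input: the option is commented out, so the default applies.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#ChallengeResponseAuthentication no' > "$sample"
audit "OpenSSH_3.3p1, SSH protocols 1.5/2.0" "$sample"
audit "openssh-3.4_p1" "$sample"
rm -f "$sample"
```

On a real host, pass the output of `ssh -V` and the path of the live sshd_config to `audit`.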


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds