| |||||||||||||
Immunix alert IMNX-2003-7+-020-02 (openssh)
----------------------------------------------------------------------- Immunix Secured OS Security Advisory Packages updated: openssh Affected products: Immunix OS 7+ Bugs fixed: CAN-2003-0693 Date: Tue Sep 16 2003 Advisory ID: IMNX-2003-7+-020-02 Author: Seth Arnold <sarnold@immunix.com> ----------------------------------------------------------------------- Description: [This advisory has been updated to reflect that the OpenSSH team has found more instances of the programming idiom in question in their codebase. The package has been updated with their latest fixes. As this audit continues, there may be additional updates. Further updates will be posted only to the immunix-announce@ mail list. See http://mail.wirex.com/mailman/listinfo/immunix-announce for instructions on subscribing or reading archives.] A vulnerability has been reported in OpenSSH that is rumoured to be remotely exploitable for root privileges, even in the face of privsep. The bug is in the buffer_append_space() function, which operates on Buffer structs; these structs have a buffer initialized through malloc(), so StackGuard is unlikely to have any impact on any potential exploits. The vulnerability comes when the fatal() function calls cleanup handlers that rely on potentially corrupted data. This patch corrects buffer_append_space() to maintain consistent state. References: http://www.openssh.com/txt/buffer.adv http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693 Package names and locations: Precompiled binary packages for Immunix 7+ are available at: http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-3.4p1-1_imnx_12.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-askpass-3.4p1-1_imnx_12.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-clients-3.4p1-1_imnx_12.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/openssh-server-3.4p1-1_imnx_12.i386.rpm A source package for Immunix 7+ is available at: http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/openssh-3.4p1-1_imnx_12.src.rpm Immunix OS 7+ md5sums: 0331106867401ca625df5511956ec89e RPMS/openssh-3.4p1-1_imnx_12.i386.rpm 958aee6627cbe50c0ce77b553d3c0d2a RPMS/openssh-askpass-3.4p1-1_imnx_12.i386.rpm a89fe92691bc73af6b27a6e22eb6eb5e RPMS/openssh-clients-3.4p1-1_imnx_12.i386.rpm 4416576af8942a58a8e7ccd35eb56881 RPMS/openssh-server-3.4p1-1_imnx_12.i386.rpm 460ea11ab2dbfc1fc2e18fb0f24e09fb SRPMS/openssh-3.4p1-1_imnx_12.src.rpm GPG verification: Our public keys are available at http://download.immunix.org/GPG_KEY Immunix, Inc., has changed policy with GPG keys. We maintain several keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for Immunix 7.3 package signing, and 1B7456DA for general security issues. NOTE: Ibiblio is graciously mirroring our updates, so if the links above are slow, please try: ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/ or one of the many mirrors available at: http://www.ibiblio.org/pub/Linux/MIRRORS.html ImmunixOS 6.2 is no longer officially supported. ImmunixOS 7.0 is no longer officially supported. Contact information: To report vulnerabilities, please contact security@immunix.com. Immunix attempts to conform to the RFP vulnerability disclosure protocol http://www.wiretrip.net/rfp/policy.html. (Log in to post comments)
|
|||||||||||||