Gentoo Forums
[gentoo-announce] GLSA: OpenSSH
Nitro
Bodhisattva
Joined: 08 Apr 2002
Posts: 661
Location: San Francisco

Posted: Thu Jun 27, 2002 2:35 am    Post subject: [gentoo-announce] GLSA: OpenSSH

Seemant Kulleen wrote:

OVERVIEW

This bug can be exploited remotely if ChallengeResponseAuthentication
is enabled in sshd_config, allowing attackers to gain superuser access.

DETAIL

A vulnerability exists within the "challenge-response" authentication
mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2
protocol, verifies a user's identity by generating a challenge and
forcing the user to supply a number of responses. It is possible for a
remote attacker to send a specially-crafted reply that triggers an
overflow. Remote attackers can therefore gain superuser privileges.

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
http://openssh.org/txt/preauth.adv
http://openssh.org/txt/iss.adv

Affected versions are: openssh-3.3_p1 and earlier.


SOLUTION

It is recommended that all Gentoo Linux users who are running openssh
update their systems as follows.

emerge --clean rsync
emerge openssh
emerge clean

Mailing list archive: http://lists.gentoo.org/pipermail/gentoo-announce/2002-June/000168.html

Also, I'd like to mention the CERT Advisory: http://www.cert.org/advisories/CA-2002-18.html
_________________
- Kyle Manna

Please, please SEARCH before posting.

There are three kinds of people in the world: those who can count, and those who can't.
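
A host triage sketch for the two conditions the advisory names (an affected version, and ChallengeResponseAuthentication enabled in sshd_config). It is an added example, not part of the advisory or of the Gentoo or OpenSSH projects. The function names are hypothetical, and it assumes that sshd defaults the keyword to "yes" when it is absent and that any release numbered 3.3 or lower is affected.

```shell
#!/bin/sh
# Added example: triage a host against the two conditions the advisory states.

# Print the effective ChallengeResponseAuthentication value for an sshd_config.
# sshd matches keywords case-insensitively and keeps the first value it reads.
# Assumption: with the keyword absent, the built-in default is "yes".
effective_cra() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        tolower($1) == "challengeresponseauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Exit 0 if a string like "openssh-3.3_p1" or "OpenSSH_3.3p1" is in the
# advisory range (3.3_p1 and earlier), 1 if newer, 2 if it cannot be parsed.
version_affected() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                     # $1 = major, $2 = minor
    [ "$1" -lt 3 ] || { [ "$1" -eq 3 ] && [ "$2" -le 3 ]; }
}

# Combine both checks into one verdict line.
triage() {  # usage: triage <version-string> <path-to-sshd_config>
    rc=0; version_affected "$1" || rc=$?
    case $rc in
        0) if [ "$(effective_cra "$2")" = no ]; then
               echo "UPDATE: affected version, challenge-response disabled"
           else
               echo "EXPOSED: affected version, challenge-response enabled"
           fi ;;
        1) echo "OK: version newer than the advisory range" ;;
        *) echo "UNKNOWN: cannot parse version '$1'" ;;
    esac
}

# Constructed sample config: the keyword is commented out, so the default applies.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#ChallengeResponseAuthentication no' > "$sample"
triage "openssh-3.3_p1" "$sample"
rm -f "$sample"
```

On a real host, pass the installed package version string and the path to the live sshd_config.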