Debian: 'ssh' Remote Vulnerability

    Date24 Jun 2002
    CategoryDebian
    2234
    Posted ByLinuxSecurity Advisories
    Theo de Raadt announced that the OpenBSD team is working with ISSon a remote exploit for OpenSSH. No details on the type of vulnerability are available at this time, but everyone is advised to upgrade to version 3.3.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-134-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/ Wichert Akkerman
    June 24, 2002
    ------------------------------------------------------------------------
    
    
    Package        : ssh
    Problem type   : remote exploit
    Debian-specific: no
    
    Theo de Raadt announced that the OpenBSD team is working with ISS
    on a remote exploit for OpenSSH (a free implementation of the
    Secure SHell protocol). They are refusing to provide any details on
    the vulnerability but instead are advising everyone to upgrade to
    the latest release, version 3.3.
    
    This version was released 3 days ago and introduced a new feature
    to reduce the effect of exploits in the network handling code
    called privilege separation.  Unfortunately this release has a few
    known problems: compression does not work on all operating systems
    since the code relies on specific mmap features, and the PAM
    support has not been completed. There may be other problems as
    well.
    
    The new privilege separation support from Niels Provos changes ssh
    to use a separate non-privileged process to handle most of the
    work. This means any vulnerability in this part of OpenSSH can
    never lead to a root compromise but only to access to a separate
    account restricted to a chroot.
    
    Theo made it very clear this new version does not fix the
    vulnerability, instead by using the new privilege separation code
    it merely reduces the risk since the attacker can only gain access
    to a special account restricted in a chroot.
    
    Since details of the problem have not been released we were forced
    to move to the latest release of OpenSSH portable, version 3.3p1.
    
    Due to the short time frame we have had we have not been able to
    update the ssh package for Debian GNU/Linux 2.2 / potato yet.
    Packages for the upcoming 3.0 release (woody) are available for
    most architectures.
    
    Please note that we have not had the time to do proper QA on these
    packages; they might contain bugs or break things unexpectedly. If
    you notice any such problems please file a bug-report so we can
    investigate.
    
    This package introduce a new account called `sshd' that is used in
    the privilege separation code. If no sshd account exists the
    package will try to create one. If the account already exists it
    will be re-used. If you do not want this to happen you will have
    to fix this manually.
    
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Package for potato are not available at the moment
    
    
    Debian GNU/Linux 3.0 alias woody
    ---------------------------------
    
      Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
      mipsel, powerpc, s390 and sparc. Packages for m68k are not yet
      available at this moment.
    
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.3p1-0.0woody1.dsc
    Size/MD5 checksum:      751 2409524dc15e3de36ebfaa702c0311ea
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.3p1.orig.tar.gz
    Size/MD5 checksum:   831189 226fdde5498c56288e777c7a697996e0
         http://security.debian.org/pool/updates/main/o/openssh/openssh_3.3p1-0.0woody1.diff.gz
    Size/MD5 checksum:    33009 4850f4a167cb515cc20301288e751e27
    
      alpha architecture (DEC Alpha)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_alpha.deb
    Size/MD5 checksum:   844556 7ef1518babcb185b5ef61fde2bd881c5
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_alpha.deb
    Size/MD5 checksum:    33422 ba9145a70719500ba56940e79e2cba02
    
      arm architecture (Arm)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_arm.deb
    Size/MD5 checksum:   653454 4b6553ed08622525c6f22e7dc488f7c6
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_arm.deb
    Size/MD5 checksum:    32636 902f862c07059cdccb2ece3147f66282
    
      hppa architecture (HP PA RISC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_hppa.deb
    Size/MD5 checksum:    33008 cdc5abf35a41df56be4780e251d203e8
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_hppa.deb
    Size/MD5 checksum:   750862 d66d8707a30787b9995f9716fdd97811
    
      i386 architecture (Intel ia32)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_i386.deb
    Size/MD5 checksum:   637940 c3743ca590e7efd74cb97d5be98456be
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_i386.deb
    Size/MD5 checksum:    32928 d8a53753324406f2d9a386451e02e40d
    
      ia64 architecture (Intel ia64)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_ia64.deb
    Size/MD5 checksum:    34374 a7f36c83b84a5d4ade7a8ee992ca92da
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_ia64.deb
    Size/MD5 checksum:   998018 ff8346cfbcba7e156f825de86c440455
    
      mips architecture (SGI MIPS)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_mips.deb
    Size/MD5 checksum:    32926 afc0d38e2c49eb7ef8de86a935509af3
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_mips.deb
    Size/MD5 checksum:   725414 22b6bc8d5fcfa09ba9391ed98ccf0851
    
      mipsel architecture (SGI MIPS (Little Endian))
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_mipsel.deb
    Size/MD5 checksum:    32894 71bc788f883eb7caf3262fe8b685dfd3
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_mipsel.deb
    Size/MD5 checksum:   722364 2ee3bfe9bdaa28b41dd6aaa6407e2fc6
    
      powerpc architecture (PowerPC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_powerpc.deb
    Size/MD5 checksum:    32658 7f7fa405891087d0da0c54e0fd516d02
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_powerpc.deb
    Size/MD5 checksum:   676954 4471019ed9c792bbaf6422394d7bb77c
    
      s390 architecture (IBM S/390)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_s390.deb
    Size/MD5 checksum:    33274 81ff83437d47fba8c62351e249e70a2d
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_s390.deb
    Size/MD5 checksum:   666304 05666b9eb24bfb76bcd3c194912da912
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
         http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.3p1-0.0woody1_sparc.deb
    Size/MD5 checksum:    32720 8f03b2b054e9fcf47ad826802e1a0192
         http://security.debian.org/pool/updates/main/o/openssh/ssh_3.3p1-0.0woody1_sparc.deb
    Size/MD5 checksum:   681598 2d1413a153f3e51fafaaee9a8ad4682b
    
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.