Debian 3.4 OpenSSH DSA-134-4 Moderate: Remote Threat from Input Validation

debian
June 27, 2002
Update on Debian OpenSSH addressing moderate remote exploit due to input validation with recommended fixes.

Summary

This advisory is an update to DSA-134-3: this advisory contains
updated information that is relevant to all Debian installations of
OpenSSH (the ssh package). DSA-134-4 supersedes previous versions of
DSA-134.

ISS X-Force released an advisory about an OpenSSH "Remote Challenge
Vulnerability". Unfortunately, the advisory was incorrect on some
points, leading to widespread confusion about the impact of this
vulnerability. No version of OpenSSH in Debian is affected by the
SKEY and BSD_AUTH authentication methods described in the ISS
advisory. However, Debian does include OpenSSH servers with the PAM
feature described as vulnerable in the later advisory by the OpenSSH
team. (This vulnerable feature is authentication using PAM via the
keyboard-interactive mechanism [kbdint].) This vulnerability affects
OpenSSH versions 2.3.1 through 3.3. No exploit is currently known for
the PAM/kbdint vulnerability, but the details are publicly known. All
of these vulnerabilities were corrected in OpenSSH 3.4.
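
As an added example (not part of the Debian advisory), this Python sketch triages a host against the affected range given above, OpenSSH 2.3.1 through 3.3, and checks whether PAM authentication via keyboard-interactive is switched on. `PAMAuthenticationViaKbdInt` is the sshd_config keyword of that era; treating an absent keyword as disabled is an assumption, and the function names and sample inputs are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: OpenSSH 2.3.1 through 3.3.
FIRST_AFFECTED = (2, 3, 1)
LAST_AFFECTED = (3, 3, 0)

def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'OpenSSH_3.3p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def in_affected_range(version):
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def pam_kbdint_enabled(sshd_config, default=False):
    """Return the effective PAMAuthenticationViaKbdInt setting.

    sshd uses the first value it obtains for a keyword; keywords are
    case-insensitive. 'default' (assumed off) applies when the keyword is absent.
    """
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "pamauthenticationviakbdint":
            return parts[1].strip().lower() == "yes"
    return default

def triage(banner, sshd_config):
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if not in_affected_range(version):
        return "not-affected"
    if pam_kbdint_enabled(sshd_config):
        return "exposed"                      # affected version, PAM/kbdint on
    return "affected-version-feature-off"     # still upgrade to 3.4

# Constructed sample inputs.
SAMPLE_CONFIG_ON = "Port 22\n# PAM via kbdint\nPAMAuthenticationViaKbdInt yes\n"
SAMPLE_CONFIG_OFF = "Port 22\npamauthenticationviakbdint no\nPAMAuthenticationViaKbdInt yes\n"

if __name__ == "__main__":
    for banner in ("OpenSSH_2.3.0p1", "OpenSSH_3.0.2p1", "OpenSSH_3.3p1", "OpenSSH_3.4p1"):
        print(banner, triage(banner, SAMPLE_CONFIG_ON), triage(banner, SAMPLE_CONFIG_OFF))
```
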

In addi...

Package: ssh
