Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o, lwn@×××.net
Subject: [gentoo-announce] GLSA: OpenSSH
Date: Wed, 26 Jun 2002 21:07:18
Message-Id: 20020626190717.29362e2c.seemant@gentoo.org
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : OpenSSH
SUMMARY         : security vulnerability in openssh
DATE            : Thu Jun 27 02:03:04 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

This bug can be exploited remotely if ChallengeResponseAuthentication
is enabled in sshd_config, allowing attackers to gain superuser access.

DETAIL

A vulnerability exists within the "challenge-response" authentication
mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2
protocol, verifies a user's identity by generating a challenge and
forcing the user to supply a number of responses. It is possible for a
remote attacker to send a specially-crafted reply that triggers an
overflow.  Remote attackers can therefore gain superuser priveleges.

http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0
http://openssh.org/txt/preauth.adv
http://openssh.org/txt/iss.adv

Affected versions are: openssh-3.3_p1 and earlier.


SOLUTION

It is recommended that all Gentoo Linux users who are running openssh
update their systems as follows.

emerge --clean rsync
emerge openssh
emerge clean

- ------------------------------------------------------------------------
lostlogic@g.o
woodchip@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------