Gentoo Archives: gentoo-announce

From: Ferry Meyndert <m0rpheus@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [GLSA] Updated openssh version 3.1 that fixes off-by-one error that can cause a local root vulnerability
Date: Thu, 07 Mar 2002 11:32:53
Message-Id: 20020307182924.11fd215e.m0rpheus@gentoo.org
- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE        :openssh
SUMMARY        :vulnerable to a off-by-one error in the channel code
DATE           :2002-04-7 18:02:00

- --------------------------------------------------------------------------

OVERVIEW

 
 A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
 Users with an existing user account can abuse this bug to
 gain root privileges. Exploitability without an existing
 user account has not been proven but is not considered
 impossible. A malicious ssh server could also use this bug 
 to exploit a connecting vulnerable client.


DETAIL

 http://www.pine.nl/advisories/pine-cert-20020301.txt


SOLUTION

 
 It is recommended that all openssh users apply the update

 Portage Auto:

 emerge rsync
 emerge update
 emerge update --world


 Portage by hand:

 emerge rsync
 emerge net-misc/openssh

 Manually:

 Download the new openssh package here and follow in file instructions:
 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1.tar.gz

- --------------------------------------------------------------------------
Ferry Meyndert
m0rpheus@g.o
- --------------------------------------------------------------------------