1 |
- -------------------------------------------------------------------------- |
2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- -------------------------------------------------------------------------- |
4 |
|
5 |
PACKAGE :openssh |
6 |
SUMMARY :vulnerable to a off-by-one error in the channel code |
7 |
DATE :2002-04-7 18:02:00 |
8 |
|
9 |
- -------------------------------------------------------------------------- |
10 |
|
11 |
OVERVIEW |
12 |
|
13 |
|
14 |
A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 |
15 |
Users with an existing user account can abuse this bug to |
16 |
gain root privileges. Exploitability without an existing |
17 |
user account has not been proven but is not considered |
18 |
impossible. A malicious ssh server could also use this bug |
19 |
to exploit a connecting vulnerable client. |
20 |
|
21 |
|
22 |
DETAIL |
23 |
|
24 |
http://www.pine.nl/advisories/pine-cert-20020301.txt |
25 |
|
26 |
|
27 |
SOLUTION |
28 |
|
29 |
|
30 |
It is recommended that all openssh users apply the update |
31 |
|
32 |
Portage Auto: |
33 |
|
34 |
emerge rsync |
35 |
emerge update |
36 |
emerge update --world |
37 |
|
38 |
|
39 |
Portage by hand: |
40 |
|
41 |
emerge rsync |
42 |
emerge net-misc/openssh |
43 |
|
44 |
Manually: |
45 |
|
46 |
Download the new openssh package here and follow in file instructions: |
47 |
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1.tar.gz |
48 |
|
49 |
- -------------------------------------------------------------------------- |
50 |
Ferry Meyndert |
51 |
m0rpheus@g.o |
52 |
- -------------------------------------------------------------------------- |