Gentoo Archives: gentoo-announce

From: Ferry Meyndert <m0rpheus@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [GLSA] Updated openssh version 3.1 that fixes off-by-one error that can cause a local root vulnerability
Date: Thu, 07 Mar 2002 11:32:53
Message-Id: 20020307182924.11fd215e.m0rpheus@gentoo.org
1 - --------------------------------------------------------------------------
2 GENTOO LINUX SECURITY ANNOUNCEMENT
3 - --------------------------------------------------------------------------
4
5 PACKAGE :openssh
6 SUMMARY :vulnerable to a off-by-one error in the channel code
7 DATE :2002-04-7 18:02:00
8
9 - --------------------------------------------------------------------------
10
11 OVERVIEW
12
13
14 A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
15 Users with an existing user account can abuse this bug to
16 gain root privileges. Exploitability without an existing
17 user account has not been proven but is not considered
18 impossible. A malicious ssh server could also use this bug
19 to exploit a connecting vulnerable client.
20
21
22 DETAIL
23
24 http://www.pine.nl/advisories/pine-cert-20020301.txt
25
26
27 SOLUTION
28
29
30 It is recommended that all openssh users apply the update
31
32 Portage Auto:
33
34 emerge rsync
35 emerge update
36 emerge update --world
37
38
39 Portage by hand:
40
41 emerge rsync
42 emerge net-misc/openssh
43
44 Manually:
45
46 Download the new openssh package here and follow in file instructions:
47 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1.tar.gz
48
49 - --------------------------------------------------------------------------
50 Ferry Meyndert
51 m0rpheus@g.o
52 - --------------------------------------------------------------------------