[Upgrade immediately (or as immediately as your new OpenSSH package comes out). -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline Return-Path: <[EMAIL PROTECTED]> Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Message-ID: <[EMAIL PROTECTED]> User-Agent: Mutt/1.2.5i From: Joost Pol <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [PINE-CERT-20020301] OpenSSH off-by-one Date: Thu, 7 Mar 2002 13:25:20 +0000 --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline See attached advisory. -- Joost Pol alias 'Nohican' <[EMAIL PROTECTED]> PGP 584619BD PGP fingerprint B1FA EE66 CFAA A492 D5F8 9A8A 0CDA D2CA 5846 19BD PINE Internet BV - Tel +31-50-5731111 - Fax +31-70-3111011 --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="pine-cert-20020301.txt.asc" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------------- Pine Internet Security Advisory - ----------------------------------------------------------------------------- Advisory ID : PINE-CERT-20020301 Authors : Joost Pol <[EMAIL PROTECTED]> Issue date : 2002-03-07 Application : OpenSSH Version(s) : All versions between 2.0 and 3.0.2 Platforms : multiple Vendor informed : 20020304 Availability : http://www.pine.nl/advisories/pine-cert-20020301.txt - ----------------------------------------------------------------------------- Synopsis A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. Impact HIGH: Existing users will gain root privileges. Description Simple off by one error. Patch included. Solution The OpenSSH project will shortly release version 3.1. Upgrading to this version is highly recommended. This version will be made available at http://www.openssh.com The FreeBSD port of OpenSSH has been updated to reflect the patches as supplied in this document. OpenSSH CVS has been updated, see http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \ channels.c.diff?r1=1.170&r2=1.171 Or apply the attached patch as provided by PINE Internet: http://www.pine.nl/advisories/pine-cert-20020301.patch -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyHaKkACgkQDNrSylhGGb3p2ACfXZu3WShzGT4Mp/LgwA6AZStu rtkAn3O83WzyNijdJ9+9OwLJxUcVj4Ld =j+Hz -----END PGP SIGNATURE----- --qDbXVdCdHGoSgWSk-- ------------------------------ End of this Digest ****************** -- Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ================================================ To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org =================================================
