8108576 2002-03-07 11:38 -0500  /152 lines/ EnGarde Secure Linux <security@guardiandigital.com>
Sent by: joel@lysator.liu.se
Imported: 2002-03-07  23:44  by Brevbäraren
External recipient: engarde-security@guardiandigital.com
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <21312>
Subject: [ESA-20020307-007] Local vulnerability in OpenSSH's channel code.
------------------------------------------------------------
From: EnGarde Secure Linux <security@guardiandigital.com>
To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com
Message-ID: <20020307163902.69F8E11D317@juggernaut.guardiandigital.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                  March 07, 2002 |
| http://www.engardelinux.org/                          ESA-20020307-007 |
|                                                                        |
| Packages: openssh, openssh-clients, openssh-server                     |
| Summary:  Local vulnerability in OpenSSH's channel code.               |
+------------------------------------------------------------------------+
  EnGarde Secure Linux is a secure distribution of Linux that
  features improved access control, host and network intrusion
  detection, Web based secure remote management, complete e-commerce
  using AllCommerce, and integrated open source security tools.
OVERVIEW
- --------
  There is a local vulnerability in the OpenSSH channel code which may
  allow a local, authenticated user to exploit the server.
DETAIL
- ------
  Joost Pol <joost@pine.nl> outlined this bug in Pine Internet Security
  Advisory PINE-CERT-20020301:
    http://www.pine.nl/advisories/pine-cert-20020301
    "Users with an existing user account can abuse this bug to
     gain root privileges. Exploitability without an existing
     user account has not been proven but is not considered
     impossible. A malicious ssh server could also use this bug
     to exploit a connecting vulnerable client."
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2002-0083 to this issue.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083
SOLUTION
- --------
  All users should upgrade to the most recent version as outlined in
  this advisory.
  Guardian Digital recently made available the Guardian Digital Secure
  Network, a means to proactively keep systems secure and manage 
  system software. EnGarde users can automatically update their system
  using the Guardian Digital WebTool secure interface.
  If choosing to manually upgrade this package, updates can be
  obtained from:
    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/
  Before upgrading the package, the machine must either:
    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.
  To disable LIDS, execute the command:
    # /sbin/lidsadm -S -- -LIDS_GLOBAL
  To install the updated package, execute the command:
    # rpm -Uvh <filename>
  You must now update the LIDS configuration by executing the command:
    # /usr/sbin/config_lids.pl
  To re-enable LIDS (if it was disabled), execute the command:
    # /sbin/lidsadm -S -- +LIDS_GLOBAL
  To verify the signatures of the updated packages, execute the command:
    # rpm -Kv <filename>
UPDATED PACKAGES
- ----------------
  These updated packages are only for EnGarde Secure Linux Community
  Edition.
  Source Packages:
    SRPMS/openssh-2.3.0p1-1.0.18.src.rpm
      MD5 Sum: 675ca26dd4cf1bddb3363b65433a8833
  i386 Binary Packages:
    i386/openssh-2.3.0p1-1.0.18.i386.rpm
      MD5 Sum: 8564be9e0d904b29bbea0ce743e14f51
    i386/openssh-clients-2.3.0p1-1.0.18.i386.rpm
      MD5 Sum: a42d161a88ad830abec45a13b2ee710c
    i386/openssh-server-2.3.0p1-1.0.18.i386.rpm
      MD5 Sum: 77cf681f7b0e530d98ab784edec3a76f
  i686 Binary Packages:
    i686/openssh-2.3.0p1-1.0.18.i686.rpm
      MD5 Sum: a703f0046b35d7d08ee3a6354dde25ea
    i686/openssh-clients-2.3.0p1-1.0.18.i686.rpm
      MD5 Sum: e0e8de4271d26f36c75b28c727906bb4
    i686/openssh-server-2.3.0p1-1.0.18.i686.rpm
      MD5 Sum: 96d91d85f116934737bd3e1419bd90c0
REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
  Credit for the discovery of this bug goes to:
    Joost Pol <joost@pine.nl>
  OpenSSH's Official Web Site:
    http://www.openssh.org/
  Security Contact:    security@guardiandigital.com
  EnGarde Advisories:  http://www.engardelinux.org/advisories.html
- --------------------------------------------------------------------------
$Id: ESA-20020307-007-openssh,v 1.2 2002/03/07 16:27:48 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple, <ryan@guardiandigital.com> 
Copyright 2002, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8h5ekHD5cqd57fu0RAikiAJ4hBhPpIJlCi550HssJDCaNYtpfqACbB9lj
5Ddl3sDxMGN0dbatzTzSzUk=
=Bh8V
-----END PGP SIGNATURE-----
(8108576) /EnGarde Secure Linux <security@guardiandigital.com>/(Reflowed)
Comment in text 8110250 by Ryan W. Maple <ryan@guardiandigital.com>
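An added example, not part of the advisory and not Guardian Digital's code: a shell helper that reads the "MD5 Sum:" entries of the UPDATED PACKAGES section above and checks downloaded files against them before `rpm -Kv` and `rpm -Uvh` are run. The function names are hypothetical, and it assumes the advisory is saved as a text file and the download directory keeps the `SRPMS/`, `i386/`, `i686/` layout of the updates directory. A matching MD5 only shows the file is the one the advisory lists; the `rpm -Kv` signature check from the advisory is still the authenticity step.

```shell
#!/bin/sh
# Added example: verify downloaded RPMs against an advisory's MD5 list.

# Convert the advisory's two-line entries
#     i386/openssh-2.3.0p1-1.0.18.i386.rpm
#       MD5 Sum: <32 hex digits>
# into "digest  path" lines, the format `md5sum -c` reads.
advisory_to_md5list() {
    awk '
        # A package entry is a line holding only a path ending in .rpm.
        NF == 1 && $1 ~ /\.rpm$/ { pkg = $1; next }
        $1 == "MD5" && $2 == "Sum:" && pkg != "" {
            # Accept only a 32-digit hex digest; skip malformed entries.
            if ($3 ~ /^[0-9a-fA-F]+$/ && length($3) == 32)
                print tolower($3) "  " pkg
            pkg = ""
        }
    ' "$1"
}

# verify_packages ADVISORY_FILE DOWNLOAD_DIR
# Returns 0 only if every listed package exists in DOWNLOAD_DIR and matches.
verify_packages() {
    advisory=$1
    dir=$2
    list=$(advisory_to_md5list "$advisory")
    if [ -z "$list" ]; then
        echo "no MD5 entries found in $advisory" >&2
        return 2
    fi
    # md5sum -c reports a missing or altered file as a failure.
    ( cd "$dir" && printf '%s\n' "$list" | md5sum -c - )
}

# Stand-alone use: sh verify.sh advisory.txt /path/to/updates
if [ "$#" -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```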
8110250 2002-03-07 13:19 -0500  /42 lines/ Ryan W. Maple <ryan@guardiandigital.com>
Sent by: joel@lysator.liu.se
Imported: 2002-03-08  10:39  by Brevbäraren
External recipient: engarde-security@guardiandigital.com
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <21318>
Comment on text 8108576 by EnGarde Secure Linux <security@guardiandigital.com>
Subject: Re: [ESA-20020307-007] Local vulnerability in OpenSSH's channel code.
------------------------------------------------------------
From: "Ryan W. Maple" <ryan@guardiandigital.com>
To: engarde-security@guardiandigital.com
Cc: bugtraq@securityfocus.com
Message-ID: <20020307182004.1A48411D304@juggernaut.guardiandigital.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 7 Mar 2002, EnGarde Secure Linux wrote:
> REFERENCES
> ----------
>   Guardian Digital's public key:
>     http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
> 
>   Credit for the discovery of this bug goes to:
>     Joost Pol <joost@pine.nl>
> 
>   OpenSSH's Official Web Site:
>     http://www.openssh.org/
> 
>   Security Contact:    security@guardiandigital.com
>   EnGarde Advisories:  http://www.engardelinux.org/advisories.html
Brian Hatch <bri@onsight.com> contacted us pointing out that OpenSSH's
official site is openssh.com, not openssh.org.  I apologize to the
OpenBSD and OpenSSH teams for this mistake.
Cheers,
Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8h69SIwAIA9MpKWcRAtjYAJwIcwUwf0K/47E6R75LKAfj42BSngCdHkE8
Ho0rYqTD1bAkZTczqFGrA0o=
=PbJI
-----END PGP SIGNATURE-----
(8110250) /Ryan W. Maple <ryan@guardiandigital.com>/