TUCoPS :: SCO :: cs2sco10.txt

OpenServer: OpenSSH channel code vulnerability - Caldera Advisory CSSA-2002-SCO.10 

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: OpenSSH channel code vulnerability
Advisory number:        CSSA-2002-SCO.10
Issue date:             2002 March 12
Cross reference:
___________________________________________________________________________


1. Problem Description

        A  bug exists in the  channel code  of  OpenSSH  versions  2.0
        though 3.0.2.

        Existing users can use this bug  to gain root privileges.  The
        ability to exploit this vulnerability without an existing user
        account  has  not  yet  been  proven,  but  it  is  considered
        possible.  A  malicious ssh server could also  use this bug to
        exploit a connecting vulnerable client.
                                                

2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        OpenServer              <= 5.0.6a       all ssh distribution files


3. Workaround

        None.


4. OpenServer

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/


  4.2 Verification

        MD5 (openssh-3.1p1-VOLS.tar) = 8e99c00aa99c12b48cc4fcc4578c9923

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download openssh-3.1p1-VOLS.tar to the /tmp directory

        # cd /tmp
        # tar xvf openssh-3.1p1-VOLS.tar

        Run the custom command, specify an install from media  images,
        and specify the /tmp directory as the location of the images.


5. References

        http://www.pine.nl/advisories/pine-cert-20020301.txt

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr861336, fz520315, erg711984.


6. Disclaimer

        Caldera International, Inc. is not  responsible for the misuse
        of  any of  the  information we provide on  our website and/or
        through our  security advisories. Our advisories are a service
        to  our customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Joost  Pol  <joost@pine.nl>  discovered  and  researched  this
        vulnerability.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH