|
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: OpenServer: OpenSSH channel code vulnerability Advisory number: CSSA-2002-SCO.10 Issue date: 2002 March 12 Cross reference: ___________________________________________________________________________ 1. Problem Description A bug exists in the channel code of OpenSSH versions 2.0 though 3.0.2. Existing users can use this bug to gain root privileges. The ability to exploit this vulnerability without an existing user account has not yet been proven, but it is considered possible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. 2. Vulnerable Supported Versions Operating System Version Affected Files ------------------------------------------------------------------ OpenServer <= 5.0.6a all ssh distribution files 3. Workaround None. 4. OpenServer 4.1 Location of Fixed Binaries ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/ 4.2 Verification MD5 (openssh-3.1p1-VOLS.tar) = 8e99c00aa99c12b48cc4fcc4578c9923 md5 is available for download from ftp://stage.caldera.com/pub/security/tools/ 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following commands: Download openssh-3.1p1-VOLS.tar to the /tmp directory # cd /tmp # tar xvf openssh-3.1p1-VOLS.tar Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images. 5. References http://www.pine.nl/advisories/pine-cert-20020301.txt This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incidents sr861336, fz520315, erg711984. 6. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 7. Acknowledgements Joost Pol <joost@pine.nl> discovered and researched this vulnerability.