TUCoPS :: SCO :: cs2sco11.txt

Open UNIX, UnixWare: OpenSSH channel code vulnerability - Caldera Advisory CSSA-2002-SCO.11

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca


___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                Open UNIX, UnixWare: OpenSSH channel code vulnerability
Advisory number:        CSSA-2002-SCO.11
Issue date:             2002 March 12
Cross reference:        CSSA-2002-SCO.10
___________________________________________________________________________


1. Problem Description

        A  bug exists in the  channel code  of  OpenSSH  versions  2.0
        though 3.0.2.

        Existing users can use this bug  to gain root privileges.  The
        ability to exploit this vulnerability without an existing user
        account  has  not  yet  been  proven,  but  it  is  considered
        possible.  A  malicious ssh server could also  use this bug to
        exploit a connecting vulnerable client.
                                                

2. Vulnerable Supported Versions

        Operating System        Version         Affected Files
        ------------------------------------------------------------------
        UnixWare                7.1.1           all ssh distribution files
        Open UNIX               8.0.0           all ssh distribution files


3. Workaround

        None.


4. Open UNIX, UnixWare

  4.1 Location of Fixed Binaries

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/


  4.2 Verification

        MD5 (openssh-3.1p1.pkg) = 795ce670574cfad348996be551cd498e

        md5 is available for download from
                ftp://stage.caldera.com/pub/security/tools/


  4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following commands:

        Download openssh-3.1p1.pkg to the /tmp directory

        # pkgadd -d /tmp/openssh-3.1p1.pkg


5. References

        http://www.pine.nl/advisories/pine-cert-20020301.txt

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incidents
        sr861335, fz520314, erg711983.


6. Disclaimer

        Caldera International, Inc. is not  responsible for the misuse
        of  any of  the  information we provide on  our website and/or
        through our  security advisories. Our advisories are a service
        to  our customers  intended to promote secure installation and
        use of Caldera International products.


7. Acknowledgements

        Joost  Pol  <joost@pine.nl>  discovered  and  researched  this
        vulnerability.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH