             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

               CERT: Portable OpenSSH server PAM Vulnerability
                       [Vulnerability Note VU#209807]

September 30, 2003 18:00 GMT                                      Number N-158
______________________________________________________________________________
PROBLEM:       A vulnerability in the Portable OpenSSH server that may corrupt
               the PAM conversion stack.
PLATFORM:      OpenSSH 3.7.1p1 (portable)
DAMAGE:        The complete impact of this vulnerability is not yet known, but
               may lead to privilege escalation, or a denial of service.
SOLUTION:      Change the config file or apply upgrades. (Note--changing the
               config file for CIAC N-157 CERT OpenSSH PAM challenge
               authentication failure, fixes this.)
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. The complete impact of this vulnerability
ASSESSMENT:    is not yet known, but may lead to privilege escalation, or a
               denial of service.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-158.shtml
 ORIGINAL BULLETIN:  http://www.kb.cert.org/vuls/id/209807
______________________________________________________________________________
[***** Start Vulnerability Note VU#209807 *****]

Vulnerability Note VU#209807

Portable OpenSSH server PAM conversion stack corruption

Overview

   There is a vulnerability in the Portable OpenSSH server that may corrupt
   the PAM conversion stack.

I. Description

   The Portable OpenSSH server contains a vulnerability that may permit an
   attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1
   are affected. Note that the OpenBSD-specific releases are not affected by
   this issue.

II. Impact

   The complete impact of this vulnerability is not yet known, but may lead
   to privilege escalation, or a denial of service.

III. Solution

   OpenSSH has announced version 3.7.1p2 to resolve this issue.

   This issue can be mitigated by not using PAM. Set "UsePAM no" in
   sshd_config.

Systems Affected

   Vendor     Status       Date Updated
   OpenSSH    Vulnerable   24-Sep-2003

References

   http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2
   http://www.openssh.com/txt/sshpam.adv

Credit

   Thanks to OpenSSH for reporting this vulnerability.

   This document was written by Jason A Rafail.

Other Information

   Date Public            09/23/2003
   Date First Published   09/24/2003 11:06:09 AM
   Date Last Updated      09/24/2003
   CERT Advisory
   CVE Name               CAN-2003-0787
   Metric                 1.50
   Document Revision      2

[***** End Vulnerability Note VU#209807 *****]
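
Added example (not part of the CIAC or CERT text, and not OpenSSH project code): a shell check that applies the bulletin's affected versions (3.7p1, 3.7.1p1) and its "UsePAM no" mitigation to one host. The function names and result strings are hypothetical, and the version string is assumed to carry an "OpenSSH_3.7.1p1"-style token as reported by `ssh -V 2>&1`.

```shell
#!/bin/sh
# Added example: audit one host against VU#209807 using the bulletin's facts.

# Print the effective UsePAM value from an sshd_config file, lowercased.
# sshd keeps the first value it obtains for a keyword, and keyword names are
# case-insensitive. Prints "unset" when the keyword never appears, in which
# case the build's compiled-in default applies and must be checked by hand.
effective_usepam() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        NF >= 1 {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop leading whitespace
            n = split(line, f, /[ \t=]+/)   # keyword and value, "=" allowed
            if (n >= 2 && tolower(f[1]) == "usepam") {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if the version string names a release the bulletin lists as
# affected. 3.7.1p2 (the fixed release) and everything else fall through.
is_affected_version() {
    case "$1" in
        *OpenSSH_3.7p1|*OpenSSH_3.7p1[!0-9]*)     return 0 ;;
        *OpenSSH_3.7.1p1|*OpenSSH_3.7.1p1[!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: assess VERSION_STRING SSHD_CONFIG_PATH
# VERSION_STRING may come from `ssh -V 2>&1` (assumption: the client and the
# server on the host were installed from the same package).
assess() {
    is_affected_version "$1" || { echo "version-not-listed"; return 0; }
    case "$(effective_usepam "$2")" in
        no)  echo "affected-version-mitigated" ;;
        yes) echo "affected-version-pam-enabled" ;;
        *)   echo "affected-version-check-default" ;;
    esac
}
```

A result of "affected-version-mitigated" still calls for the upgrade to 3.7.1p2 that the bulletin names as the fix.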