CERT VU:333628
Sep 16, 2003 - 12:00 a.m.

OpenSSH contains buffer management errors

2003-09-16 00:00:00
www.kb.cert.org

CVSS2: 10 High
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.628 Medium
Percentile: 97.8%

Overview

Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation.

Description

Versions of OpenSSH prior to 3.7.1 contain errors in the general handling of buffers. These vulnerabilities appear to occur due to some buffer management errors. Specifically, this is an issue with freeing the appropriate memory size on the heap. In certain cases, the memory cleared is too large and might cause heap corruption.

Various network and embedded systems may use OpenSSH or derived code. These systems may also be affected by this issue.

We have seen reports of exploitation that may be related to this issue.
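
The ordering flaw behind this, as the FreeBSD statement further down this page describes it (the recorded size is raised before the failure check, then a cleanup handler zeroes by the recorded size), in an added C model that is not OpenSSH source. `struct demo_buf`, the `demo_*` functions and both constants are hypothetical, and the model counts the out-of-bounds bytes instead of writing them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this model; not values taken from OpenSSH. */
#define DEMO_MAX_ALLOC 4096u
#define DEMO_GROW_STEP 256u

struct demo_buf {
    unsigned char *buf;
    size_t alloc; /* bookkeeping: the size the code believes it owns */
    size_t real;  /* model-only ground truth: bytes really allocated */
};

static int demo_init(struct demo_buf *b, size_t n)
{
    b->buf = malloc(n);
    if (b->buf == NULL)
        return -1;
    b->alloc = b->real = n;
    return 0;
}

/* Flawed ordering: bookkeeping is updated first, validated afterwards.
 * A -1 return stands in for the call into the fatal/cleanup path. */
static int demo_grow_flawed(struct demo_buf *b, size_t len)
{
    unsigned char *p;

    b->alloc += len + DEMO_GROW_STEP;
    if (b->alloc > DEMO_MAX_ALLOC)
        return -1;              /* alloc already exceeds the allocation */
    p = realloc(b->buf, b->alloc);
    if (p == NULL)
        return -1;              /* same inconsistency on out-of-memory */
    b->buf = p;
    b->real = b->alloc;
    return 0;
}

/* Corrected ordering: compute and validate a candidate size, allocate,
 * and only then commit the new size to the bookkeeping field. */
static int demo_grow_fixed(struct demo_buf *b, size_t len)
{
    unsigned char *p;
    size_t newlen;

    if (len > DEMO_MAX_ALLOC - DEMO_GROW_STEP)
        return -1;              /* also rules out size_t wrap-around */
    newlen = b->alloc + len + DEMO_GROW_STEP;
    if (newlen > DEMO_MAX_ALLOC)
        return -1;
    p = realloc(b->buf, newlen);
    if (p == NULL)
        return -1;
    b->buf = p;
    b->alloc = b->real = newlen;
    return 0;
}

/* Cleanup handler: zero the buffer by its recorded size, then free it.
 * Returns how many bytes past the real allocation the recorded size
 * covers; the memset is clamped so the model itself stays in bounds. */
static size_t demo_cleanup(struct demo_buf *b)
{
    size_t overrun = b->alloc > b->real ? b->alloc - b->real : 0;

    memset(b->buf, 0, b->alloc - overrun);
    free(b->buf);
    b->buf = NULL;
    b->alloc = b->real = 0;
    return overrun;
}

/* Start from a 1024-byte buffer, attempt one grow, then run cleanup
 * whether or not the grow succeeded. */
static size_t demo_overrun_after_failed_grow(int use_fixed, size_t request)
{
    struct demo_buf b;

    if (demo_init(&b, 1024) != 0)
        return (size_t)-1;
    if (use_fixed)
        (void)demo_grow_fixed(&b, request);
    else
        (void)demo_grow_flawed(&b, request);
    return demo_cleanup(&b);
}

int main(void)
{
    printf("flawed, oversized request: %zu bytes past the allocation\n",
           demo_overrun_after_failed_grow(0, 8000));
    printf("fixed,  oversized request: %zu bytes past the allocation\n",
           demo_overrun_after_failed_grow(1, 8000));
    return 0;
}
```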


Impact

The full impact of these vulnerabilities is unclear. The most likely impact is that the heap may be corrupted leading to a denial of service.
If it is possible to exploit this vulnerability in a manner that would allow the execution of arbitrary code, then an attacker may be able to do so with the privileges of the user running the sshd process, usually root. The impact may be limited on systems using the privilege separation feature available in OpenSSH for some systems.


Solution

Apply patches
The OpenSSH development team has developed patches and an advisory for this issue. More details will be available at

<http://www.openssh.com/txt/buffer.adv>

Users of systems that include OpenSSH software are encouraged to check the vendors section of this document for more information.


Disable or limit access to the ssh service

For those systems that do not require ssh to be enabled, we encourage users to disable the service. If the service cannot be disabled and patches cannot be applied, we recommend using a packet filter to limit access to the vulnerable service from only trusted hosts.


Vendor Information


AppGate Network Security AB __ Affected

Updated: October 01, 2003

Status

Affected

Vendor Statement

AppGate versions from 4.0 up to and including 5.3.1 do include the vulnerable code. Patches are available from the appgate support pages at <http://www.appgate.com>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Apple Computer, Inc. __ Affected

Notified: September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Apple: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.

To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the “ssh -V” command, is:

OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f

Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:

Mac OS X Client (updating from 10.2 - 10.2.5):
<http://www.info.apple.com/kbnum/n120244>

Mac OS X Client (updating from 10.2.6 - 10.2.7):
<http://www.info.apple.com/kbnum/n120245>

Mac OS X Server (updating from 10.2 - 10.2.5):
<http://www.info.apple.com/kbnum/n120246>

Mac OS X Server (updating from 10.2.6 - 10.2.7):
<http://www.info.apple.com/kbnum/n120247>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cisco Systems, Inc. __ Affected

Notified: September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

Cisco has some products which are vulnerable to this issue. Cisco’s response is now published at <http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cray Inc. __ Affected

Notified: September 16, 2003 Updated: September 16, 2003

Status

Affected

Vendor Statement

Cray Inc. supports OpenSSH through its Cray Open Software (COS) package. Cray is vulnerable to this buffer management error and is in the process of compiling OpenSSH 3.7. The new version will be made available in the next COS release.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Cyclades Corporation __ Affected

Updated: September 22, 2003

Status

Affected

Vendor Statement

Cyclades Corporation Position:

Our Cyclades-TS and AlterPath ACS families have been updated against this vulnerability. Please go to Cyclades download page at:

<http://www.cyclades.com/support/downloads.php>

All other Cyclades products are not affected by this advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Debian Linux __ Affected

Notified: September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

Debian has issued DSA 382 and DSA 383 for these issues.

<http://www.debian.org/security/2003/dsa-382>
<http://www.debian.org/security/2003/dsa-383>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


F-Secure __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

This vulnerability does not affect any version of F-Secure SSH software that utilizes ssh protocol version 2. The non-affected versions have been available since 1998.

This vulnerability only affects the following F-Secure SSH server versions: F-Secure SSH for Unix versions 1.3.14 and earlier.

More information is available from

<http://www.f-secure.com/support/technical/ssh/ssh1_openssh_buffer_management.shtml>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Foundry Networks Inc. __ Affected

Notified: September 16, 2003 Updated: October 15, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.foundrynet.com/solutions/advisories/openssh333628.html>.


FreeBSD, Inc. __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.

Topic: OpenSSH buffer management error

Category: core, ports
Module: openssh, ports_openssh, openssh-portable
Announced: 2003-09-16
Credits: The OpenSSH Project <[email protected]>
Affects: All FreeBSD releases after 4.0-RELEASE
         FreeBSD 4-STABLE prior to the correction date
         openssh port prior to openssh-3.6.1_3
         openssh-portable port prior to openssh-portable-3.6.1p2_3
Corrected: 2003-09-17 16:24:02 UTC (RELENG_4, 4.9-PRERELEASE)
           2003-09-17 14:46:58 UTC (RELENG_5_1, 5.1-RELEASE-p4)
           2003-09-17 14:50:14 UTC (RELENG_5_0, 5.0-RELEASE-p13)
           2003-09-17 14:51:09 UTC (RELENG_4_8, 4.8-RELEASE-p6)
           2003-09-17 14:51:37 UTC (RELENG_4_7, 4.7-RELEASE-p16)
           2003-09-17 14:52:08 UTC (RELENG_4_6, 4.6-RELEASE-p19)
           2003-09-17 14:52:42 UTC (RELENG_4_5, 4.5-RELEASE-p31)
           2003-09-17 14:57:32 UTC (RELENG_4_4, 4.4-RELEASE-p41)
           2003-09-17 14:58:56 UTC (RELENG_4_3, 4.3-RELEASE-p37)
           2003-09-17 16:07:48 UTC (ports/security/openssh)
           2003-09-17 16:07:48 UTC (ports/security/openssh-portable)
CVE: CAN-2003-0693, CAN-2003-0695, CAN-2003-0682
FreeBSD only: NO

0. Revision History
v1.0 2003-09-16 Initial release
v1.1 2003-09-17 Typo in instructions for restarting sshd
                Additional buffer management errors corrected

I. Background
OpenSSH is a free version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. 'ssh' is the client application, while 'sshd' is the server.

II. Problem Description
Several operations within OpenSSH require dynamic memory allocation or reallocation. Examples are: the receipt of a packet larger than available space in a currently allocated buffer; creation of additional channels beyond the currently allocated maximum; and allocation of new sockets beyond the currently allocated maximum. Many of these operations can fail either due to 'out of memory' or due to explicit checks for ridiculously sized requests. However, the failure occurs after the allocation size has already been updated, so that the bookkeeping data structures are in an inconsistent state (the recorded size is larger than the actual allocation). Furthermore, the detection of these failures causes OpenSSH to invoke several 'fatal_cleanup' handlers, some of which may then attempt to use these inconsistent data structures. For example, a handler may zero and free a buffer in this state, and as a result memory outside of the allocated area will be overwritten with NUL bytes.

III. Impact
A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD.

IV. Workaround
Do one of the following:
1) Disable the base system sshd by executing the following command as root:

# kill `cat /var/run/sshd.pid`

Be sure that sshd is not restarted when the system is restarted by adding the following line to the end of /etc/rc.conf:

sshd_enable="NO"

AND

Deinstall the openssh or openssh-portable ports if you have one of them installed.

V. Solution
Do one of the following:
[For OpenSSH included in the base system]
1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or 4.7-RELEASE-p15, respectively).

2) FreeBSD systems prior to the correction date:
The following patches have been verified to apply to FreeBSD 4.x and FreeBSD 5.x systems prior to the correction date.
Download the appropriate patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.

[FreeBSD 4.3 and 4.4]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch.asc

[FreeBSD 4.5]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc

[FreeBSD 4.6 and later, FreeBSD 5.0 and later]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc

Execute the following commands as root:

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all install
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

Be sure to restart 'sshd' after updating.

# kill `cat /var/run/sshd.pid`
# /usr/sbin/sshd

[For the OpenSSH ports]
One of the following:
1) Upgrade your entire ports collection and rebuild the OpenSSH port.
2) Deinstall the old package and install a new package obtained from
the following directory:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
[other platforms]
Packages are not automatically generated for other platforms at this
time due to lack of build resources.
3) Download a new port skeleton for the openssh or openssh-portable
port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

Be sure to restart 'sshd' after updating.

# kill `cat /var/run/sshd.pid`
# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start

VI. Correction details
The following list contains the revision numbers of each file that was
corrected in the FreeBSD base system and ports collection.
Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
[Base system]
RELENG_4
src/crypto/openssh/buffer.c 1.1.1.1.2.7
src/crypto/openssh/channels.c 1.1.1.1.2.10
src/crypto/openssh/deattack.c 1.1.1.1.2.5
src/crypto/openssh/misc.c 1.1.1.1.2.3
src/crypto/openssh/session.c 1.4.2.18
src/crypto/openssh/ssh-agent.c 1.2.2.11
src/crypto/openssh/version.h 1.1.1.1.2.12
RELENG_5_1
src/UPDATING 1.251.2.5
src/crypto/openssh/buffer.c 1.1.1.6.4.2
src/crypto/openssh/channels.c 1.15.2.1
src/crypto/openssh/deattack.c 1.1.1.5.4.1
src/crypto/openssh/misc.c 1.1.1.4.2.1
src/crypto/openssh/session.c 1.40.2.1
src/crypto/openssh/ssh-agent.c 1.18.2.1
src/crypto/openssh/version.h 1.20.2.2
src/sys/conf/newvers.sh 1.50.2.6
RELENG_5_0
src/UPDATING 1.229.2.19
src/crypto/openssh/buffer.c 1.1.1.6.2.2
src/crypto/openssh/channels.c 1.13.2.1
src/crypto/openssh/deattack.c 1.1.1.5.2.1
src/crypto/openssh/misc.c 1.1.1.3.2.1
src/crypto/openssh/session.c 1.38.2.1
src/crypto/openssh/ssh-agent.c 1.16.2.1
src/crypto/openssh/version.h 1.18.2.2
src/sys/conf/newvers.sh 1.48.2.14
RELENG_4_8
src/UPDATING 1.73.2.80.2.8
src/crypto/openssh/buffer.c 1.1.1.1.2.4.4.2
src/crypto/openssh/channels.c 1.1.1.1.2.8.2.1
src/crypto/openssh/deattack.c 1.1.1.1.2.4.4.1
src/crypto/openssh/misc.c 1.1.1.1.2.2.4.1
src/crypto/openssh/session.c 1.4.2.17.2.1
src/crypto/openssh/ssh-agent.c 1.2.2.10.2.1
src/crypto/openssh/version.h 1.1.1.1.2.10.2.2
src/sys/conf/newvers.sh 1.44.2.29.2.7
RELENG_4_7
src/UPDATING 1.73.2.74.2.19
src/crypto/openssh/buffer.c 1.1.1.1.2.4.2.2
src/crypto/openssh/channels.c 1.1.1.1.2.7.2.1
src/crypto/openssh/deattack.c 1.1.1.1.2.4.2.1
src/crypto/openssh/misc.c 1.1.1.1.2.2.2.1
src/crypto/openssh/session.c 1.4.2.16.2.1
src/crypto/openssh/ssh-agent.c 1.2.2.8.2.1
src/crypto/openssh/version.h 1.1.1.1.2.9.2.2
src/sys/conf/newvers.sh 1.44.2.26.2.18
RELENG_4_6
src/UPDATING 1.73.2.68.2.47
src/crypto/openssh/buffer.c 1.1.1.1.2.3.4.3
src/crypto/openssh/channels.c 1.1.1.1.2.6.2.2
src/crypto/openssh/deattack.c 1.1.1.1.2.3.4.2
src/crypto/openssh/misc.c 1.1.1.1.2.1.4.2
src/crypto/openssh/session.c 1.4.2.12.2.2
src/crypto/openssh/ssh-agent.c 1.2.2.7.4.2
src/crypto/openssh/version.h 1.1.1.1.2.8.2.3
src/sys/conf/newvers.sh 1.44.2.23.2.36
RELENG_4_5
src/UPDATING 1.73.2.50.2.48
src/crypto/openssh/buffer.c 1.1.1.1.2.3.2.2
src/crypto/openssh/channels.c 1.1.1.1.2.5.2.2
src/crypto/openssh/deattack.c 1.1.1.1.2.3.2.1
src/crypto/openssh/scp.c 1.1.1.1.2.4.2.1
src/crypto/openssh/session.c 1.4.2.11.2.1
src/crypto/openssh/ssh-agent.c 1.2.2.7.2.1
src/crypto/openssh/version.h 1.1.1.1.2.7.2.3
src/sys/conf/newvers.sh 1.44.2.20.2.32
RELENG_4_4
src/UPDATING 1.73.2.43.2.49
src/crypto/openssh/buffer.c 1.1.1.1.2.2.4.2
src/crypto/openssh/channels.c 1.1.1.1.2.4.4.2
src/crypto/openssh/deattack.c 1.1.1.1.2.2.4.1
src/crypto/openssh/scp.c 1.1.1.1.2.3.4.1
src/crypto/openssh/session.c 1.4.2.8.4.2
src/crypto/openssh/ssh-agent.c 1.2.2.6.4.1
src/crypto/openssh/version.h 1.1.1.1.2.5.2.4
src/sys/conf/newvers.sh 1.44.2.17.2.40
RELENG_4_3
src/UPDATING 1.73.2.28.2.36
src/crypto/openssh/buffer.c 1.1.1.1.2.2.2.2
src/crypto/openssh/channels.c 1.1.1.1.2.4.2.2
src/crypto/openssh/deattack.c 1.1.1.1.2.2.2.1
src/crypto/openssh/scp.c 1.1.1.1.2.3.2.1
src/crypto/openssh/session.c 1.4.2.8.2.2
src/crypto/openssh/ssh-agent.c 1.2.2.6.2.1
src/crypto/openssh/version.h 1.1.1.1.2.4.2.4
src/sys/conf/newvers.sh 1.44.2.14.2.26
[Ports]
ports/security/openssh-portable/Makefile 1.75
ports/security/openssh-portable/files/patch-buffer.c 1.2
ports/security/openssh-portable/files/patch-deattack.c 1.1
ports/security/openssh-portable/files/patch-misc.c 1.3
ports/security/openssh-portable/files/patch-session.c 1.16
ports/security/openssh-portable/files/patch-ssh-agent.c 1.1
ports/security/openssh/Makefile 1.122
ports/security/openssh/files/patch-buffer.c 1.2
ports/security/openssh/files/patch-deattack.c 1.1
ports/security/openssh/files/patch-misc.c 1.3
ports/security/openssh/files/patch-session.c 1.15
ports/security/openssh/files/patch-ssh-agent.c 1.1
- -------------------------------------------------------------------------
Branch Version string


HEAD OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4 OpenSSH_3.5p1 FreeBSD-20030917
RELENG_5_1 OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4_8 OpenSSH_3.5p1 FreeBSD-20030917
RELENG_4_7 OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_6 OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_5 OpenSSH_2.9 FreeBSD localisations 20030917
RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20030917
RELENG_4_3 OpenSSH_2.3.0 [email protected] 20030917


To view the version string of the OpenSSH server, execute the
following command:
% /usr/sbin/sshd -?
The version string is also displayed when a client connects to the
server.
To view the version string of the OpenSSH client, execute the
following command:
% /usr/bin/ssh -V
VII. References
<URL:http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/aKuVFdaIBMps37IRAj/nAJ9x7UQj1Mp0vTAZBHnjGsp/9LQLlQCfVybJ
AVHLwTVUmQXV9S2naBBX14I=
=JhlR
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Guardian Digital Inc. __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory                  September 18, 2003 |
| http://www.guardiandigital.com                        ESA-20030918-024 |
|                                                                        |
| Packages: openssh, openssh-clients, openssh-server                     |
| Summary: additional buffer management bugs.                            |
+------------------------------------------------------------------------+

EnGarde Secure Linux is an enterprise class Linux platform engineered to enable corporations to quickly and cost-effectively build a complete and secure Internet presence while preventing Internet threats.

OVERVIEW
- --------
After the release of ESA-20030916-023, the OpenSSH team discovered more buffer management bugs (fixed in OpenSSH 3.7.1) of the same type.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this issue.

Additionally, Solar Designer fixed additional bugs of this class. His fixes are included in this update.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to this issue.

Guardian Digital products affected by this issue include:
EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5

It is recommended that all users apply this update as soon as possible.

SOLUTION
- --------
Guardian Digital Secure Network subscribers may automatically update affected systems by accessing their account from within the Guardian Digital WebTool.

To modify your GDSN account and contact preferences, please go to:
https://www.guardiandigital.com/account/

Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:

REFERENCES

OpenSSH's Official Web Site: http://www.openssh.com/

Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/

Security Contact: [email protected]
- --------------------------------------------------------------------------
Author: Ryan W. Maple <[email protected]>
Copyright 2003, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/acadHD5cqd57fu0RAm6kAJ9Mri+Rq56dr8cwm82tcyOLDcZQJACgjE+A T+zQmXJeR4nmKZ4JfffjNyw= =01Ez -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


IBM Corporation __ Affected

Notified: September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The AIX Security Team is aware of the issues discussed in CERT Vulnerability Note VU#333628 and CERT Advisory CA-2003-24.

OpenSSH is available for AIX via the AIX Toolbox for Linux or the Bonus Pack.

OpenSSH 3.4p1, revision 9 contains fixes for this issue for the AIX Toolbox for Linux. For more information about the AIX Toolbox for Linux or to download OpenSSH 3.4p1 revision 9, please see:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

Please note that AIX Toolbox for Linux is available "as-is" and is unwarranted.

Patched versions of OpenSSH for the Bonus Pack on AIX 5.1 and 5.2 are available. Please see:

http://oss.software.ibm.com/developerworks/projects/opensshi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
iD8DBQE/caebcnMXzUg7txIRAgOJAJ0Y6J/hQbjj55RfRv3cEzBhuNbN6wCdGghw JuV94jCMTXFz9xzJD3b5qo4= =Uhli -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


IBM eServer __ Affected

Notified: September 16, 2003 Updated: September 22, 2003

Status

Affected

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to <http://app-06.www.ibm.com/servers/resourcelink> and follow the steps for registration.

All questions should be referred to [email protected].

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Ingrian Networks, Inc. __ Affected

Notified: September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Ingrian Networks Security Advisory ING-2003-05

Revision 1.0

Dated: 9/22/2003

Posted: <https://www.ingrian.com/support/iwsc/security.php>

Summary

The Ingrian DataSecure platform secures business applications and data.

This advisory describes a vulnerability in all Ingrian platforms.
This vulnerability is in the SSH server, which is used for secure
access to the command line interface (CLI). There are buffer overflow
bugs in the SSH server that could allow an attacker who can connect to the
ssh port to crash the SSH server. At this time there are no
known exploits, nor are there any known attacks that exploit the
buffer overflow to obtain access to an Ingrian device.

There is a workaround: block access to port 22 (ssh) at the firewall.

Applying the appropriate patch from those listed below will
fix the vulnerability. The patches are available at
<https://www.ingrian.com/support/iwsc/security.php>

Affected Products

All releases of the IngrianOS.

Details

Sshd, prior to version 3.71, contains buffer overflow bugs that
can allow an attacker to crash the program.

This vulnerability was announced in CERT advisory CA-2003-24
(<http://www.cert.org/advisories/CA-2003-24.html>)

Impact

An attacker could use this vulnerability to perform a denial-of-service
attack on an Ingrian device. Since the Ingrian watches and restarts
critical services, even if the vulnerability were exploited on an
Ingrian device, the period that service would be denied is short.
If attackers develop exploits that put the attacker’s code on the
stack, it would be possible for them to obtain access to the
affected machines.

Ingrian is not aware of any exploits currently in the field.

Software Versions and Fixes

This vulnerability is fixed in these patches:

2.6.3p02
2.8.2p02
2.9.0p07

These patches are released as “untested” patches, meaning that they
have gone through an acceptance test but have not yet passed the
full QA cycle. Fully tested patches will be released shortly.
Please contact your Ingrian representative.

Obtaining A Fix

Customers with service contracts should go through the regular
update channels to obtain the software upgrades identified in this
advisory. For most customers with service contracts, this means
that upgrades should be obtained through the Ingrian Support Center
at <https://www.ingrian.com/suppport>

Workarounds

This vulnerability exists only when attackers can access the
ssh port, port 22. Disabling access to port 22 at the outer
firewall prevents the attack. See your firewall vendors’
documentation for details.

Another workaround is to disable SSH Administration.
To do this, select Maintenance, then Services. Click on
‘SSH Administration’ and then click the ‘disable startup’ button.
Then click ‘Stop’.

Source

This vulnerability was reported in CERT announcement CA-2003-24.

Revision History

Version 1.0, dated 9/19/2003

Copyright

This advisory is copyright 2003 by Ingrian Networks, Inc. This advisory
may be redistributed freely, provided that redistributed copies are
complete and unmodified, including all date and version information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Juniper Networks, Inc. __ Affected

Notified: September 16, 2003 Updated: September 22, 2003

Status

Affected

Vendor Statement

Juniper Networks has identified this vulnerability in all shipping versions of JUNOS and coded a software fix. The fix will be included in all releases of JUNOS Internet software built on or after September 17. Customers with current support contracts should contact JTAC to obtain the fix for this vulnerability.

JUNOSe and SDX are not vulnerable to this issue.

Contract customers can review the details at:

https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2003-09-007&actionBtn=Search

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Mandriva, Inc. __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : openssh
SUMMARY : Remote vulnerabilities
DATE : 2003-09-17 18:48:00
ID : CLA-2003:741
RELEVANT RELEASES : 7.0, 8, 9
- -------------------------------------------------------------------------
DESCRIPTION
OpenSSH[1] is a very popular and versatile tool that uses encrypted connections between hosts and is commonly used for remote administration.

This update fixes new vulnerabilities found in the code that handles buffers in OpenSSH. These vulnerabilities are similar to the ones fixed in the CLSA-2003:739 announcement[2] (CAN-2003-0693) and can be exploited by a remote attacker to cause a denial of service condition and potentially execute arbitrary code (although there is still no concrete evidence of that).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this additional issue[3].

The OpenSSH team released the version 3.7.1 which fixes this vulnerability[4]. This update contains the versions originally distributed with Conectiva Linux added of backported patches.

Additionally, patches made by Solar Designer to fix memory bugs in other parts of the code are being added. Althought it is unlikely that these bugs are exploitable, they are being treatead as security fixes by now and have the name CAN-2003-0682 assigned[5] by The Common Vulnerabilities and Exposures project (cve.mitre.org).

SOLUTION

It is recommended that all OpenSSH users upgrade their packages.

The ssh service will be automatically restarted during the upgrade if it is already running. Current ssh sessions will remain open during the restart.

REFERENCES:

1. http://www.openssh.org
2. http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000739&idioma=en
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
4. http://www.openssh.com/txt/buffer.adv
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

UPDATED PACKAGES

- <ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.4p1-1U70_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.4p1-1U70_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.4p1-1U70_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.4p1-1U70_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.4p1-1U70_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.4p1-1U70_3cl.src.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-3.4p1-1U80_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-3.4p1-1U80_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-gnome-3.4p1-1U80_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-clients-3.4p1-1U80_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-server-3.4p1-1U80_3cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssh-3.4p1-1U80_3cl.src.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-3.5p1-27767U90_2cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-3.5p1-27767U90_2cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-gnome-3.5p1-27767U90_2cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-clients-3.5p1-27767U90_2cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-server-3.5p1-27767U90_2cl.i386.rpm>
- <ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssh-3.5p1-27767U90_2cl.src.rpm>

ADDITIONAL INSTRUCTIONS

The apt tool can be used to perform RPM package upgrades:

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>

- -------------------------------------------------------------------------

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at <http://distro.conectiva.com.br/seguranca/chave/?idioma=en>

Instructions on how to check the signatures of the RPM packages can be found at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>

- -------------------------------------------------------------------------

All our advisories and generic update instructions can be viewed at <http://distro.conectiva.com.br/atualizacoes/?idioma=en>

- -------------------------------------------------------------------------

Copyright (c) 2003 Conectiva Inc. <http://www.conectiva.com>

- -------------------------------------------------------------------------

subscribe: [email protected]
unsubscribe: [email protected]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see <http://www.gnupg.org>
iD8DBQE/aNbu42jd0JmAcZARAnByAJ4la1+ZTsDPuuQoFcu4ygjk406b5wCg11KG KWI0pS7VlyuaHtgastTIZrA= =QKv8 -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mandriva, Inc. __ Affected

Notified: September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory

```
Package name:           openssh
Advisory ID:            MDKSA-2003:090-1
Date:                   September 17th, 2003
Original Advisory Date: September 16th, 2003
Affected versions:      8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2
```

Problem Description:

A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team’s advisory: “It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.” There have also been reports of an exploit in the wild.

MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible.

Update:
The OpenSSH developers discovered more, similar, problems and revised the patch to correct these issues. These new packages have the latest patch fix applied.
________________________________________________________________________
References:

- <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693>
- <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695>
- <http://www.kb.cert.org/vuls/id/333628>
- <http://www.openssh.com/txt/buffer.adv>
________________________________________________________________________
Updated Packages:
________________________________________________________________________
Bug IDs fixed (see <https://qa.mandrakesoft.com> for more information):

To upgrade automatically, use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

<http://www.mandrakesecure.net/en/ftp.php>

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

```
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
```

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

<http://www.mandrakesecure.net/en/advisories/>

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

<http://www.mandrakesecure.net/en/mlist.php>

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

```
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/aIYrmqjQ0CJFipgRAkuzAKCZtNMVd9LqiR0CVbkz9XILvIB4hACeIlqv
LB/u5JclV/2Ny+Cao90MLTc=
=0Nsc
-----END PGP SIGNATURE-----
```

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mirapoint __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Mirapoint released a patch (D3_SSH_CA_2003_24) last night to fix the first reported vulnerability and will release D3_SSH_CA_2003_24_1 to cover the second.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD __ Affected

Notified: September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

The NetBSD Security Advisory on the OpenSSH buffer management issue is available here:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-012.txt.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance __ Affected

Notified: September 16, 2003 Updated: August 12, 2008

Status

Affected

Vendor Statement

This issue applies only to SecureAdmin on Data ONTAP versions earlier than 6.4.3, and SecureAdmin for NetCache releases earlier than 5.5R2.

All current releases (NetCache 5.6, 6.0 and 6.1, and Filer 6.5, 7.0, 7.1, 7.2, 7.3 and 10.0) have been secured against this issue.

If you have an affected release:

Disable the SSH server on the filer or NetCache appliance, or if it must remain enabled, ensure that the ssh.access option (config.admin.trusted_hosts in NetCache) is used to restrict ssh connections to authorized administrative hosts.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Nokia __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Nokia confirms that IPSO and IPSO-SX are affected by the vulnerability described in CERT Coordination Center Vulnerability Note VU#333628. We are currently backporting the patches provided by the OpenSSH team into the OpenSSH versions deployed within IPSO and IPSO-SX.

According to CERT/CC, the most likely impact of the vulnerability is the potential for a DoS attack if an exploit script is repeatedly executed against the same device. This potential can be eliminated by restricting access to SSH, allowing access only from trusted workstations by using either Access Control Lists (ACLs) or firewall rules to restrict access to TCP port 22.

To prevent automated scanners from successfully exploiting this vulnerability, ensure that the SSH server does not run on the default port of TCP 22 and is running on an alternate port, preferably above port 1024. In IPSO, this can be done by going to the “Security and Access Configuration” section in Voyager and selecting “SSH (Secure Shell),” then click on the “Go to the advanced server options page” link. From here, under the “Configure Server Protocol Details” heading, the TCP port number for the SSH service can be changed to a different value.

We expect to provide updated releases of IPSO and IPSO-SX the week of September 22, 2003.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenPKG __ Affected

Updated: September 17, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

```
OpenPKG Security Advisory                          The OpenPKG Project
http://www.openpkg.org/security.html            http://www.openpkg.org
[email protected]                       [email protected]
OpenPKG-SA-2003.040                                        17-Sep-2003

Package:             openssh
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:          Corrected Packages:
OpenPKG CURRENT      <= openssh-3.7p1-20030916   >= openssh-3.7.1p1-20030917
OpenPKG 1.3          <= openssh-3.6.1p2-1.3.1    >= openssh-3.6.1p2-1.3.2
OpenPKG 1.2          <= openssh-3.5p1-1.2.3      >= openssh-3.5p1-1.2.4

Dependent Packages:  none
```

Description:

According to an OpenSSH [1] Security Advisory [0], 2nd revision, all versions of OpenSSH’s sshd(8) prior to version 3.7.1 contain buffer management errors. The discovery of additional similar errors by Solar Designer shows that version 3.7.1 is affected, too. Those errors may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be cleared and corrupting the heap on fatal cleanups.

The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0693 [2] to the problem, as initially explained in the 1st revision of the OpenSSH Security Advisory [0]. In the current 2nd revision, similar problems were described and fixed, too. Additionally, Solar Designer found 4 more problematic instances of similar memory management errors. The corrected OpenPKG packages (see versions above) contain the collected bug fixes for all of those errors.

Please check whether you are affected by running "<prefix>/bin/rpm -q openssh". If you have the "openssh" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution). [3][4]

Notice that the previous package versions openssh-3.7p1-20030916, openssh-3.6.1p2-1.3.1 and openssh-3.5p1-1.2.3 contain the bug fixes from the OpenSSH Security Advisory [0], 1st revision, only. You are strongly advised to upgrade to the latest package versions because of the contained additional bug fixes.

Solution:

Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the current release OpenPKG 1.3, perform the following operations to permanently fix the security problem (for other releases adjust accordingly).

```
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.3/UPD
ftp> get openssh-3.6.1p2-1.3.2.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig openssh-3.6.1p2-1.3.2.src.rpm
$ <prefix>/bin/rpm --rebuild openssh-3.6.1p2-1.3.2.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssh-3.6.1p2-1.3.2.*.rpm
```

________________________________________________________________________
References:

- [0] <http://www.openssh.com/txt/buffer.adv>
- [1] <http://www.openssh.com/>
- [2] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693>
- [3] <http://www.openpkg.org/tutorial.html#regular-source>
- [4] <http://www.openpkg.org/tutorial.html#regular-binary>
- [5] <ftp://ftp.openpkg.org/release/1.3/UPD/openssh-3.6.1p2-1.3.2.src.rpm>
- [6] <ftp://ftp.openpkg.org/release/1.2/UPD/openssh-3.5p1-1.2.4.src.rpm>
- [8] <ftp://ftp.openpkg.org/release/1.3/UPD/>
- [7] <ftp://ftp.openpkg.org/release/1.2/UPD/>
- [9] <http://www.openpkg.org/security.html#signature>
________________________________________________________________________
For security reasons, this advisory was digitally signed with the OpenPGP public key “OpenPKG <[email protected]>” (ID 63C4CB9F) of the OpenPKG project which you can retrieve from <http://pgp.openpkg.org> and hkp://pgp.openpkg.org. Follow the instructions on <http://pgp.openpkg.org/> for details on how to verify the integrity of this advisory.

```
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <[email protected]>
iD8DBQE/aBsSgHWT4GPEy58RAuzEAJ9nHSDAWuei8cKha78J96d80capfgCgk+o7
4tYQRFxKe/DU86lAynKHRpo=
=i3sR
-----END PGP SIGNATURE-----
```

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSH __ Affected

Notified: September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is resolved in version 3.7.1. Please see the OpenSSH advisory at: <http://www.openssh.com/txt/buffer.adv>

Openwall GNU/*/Linux __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

The OpenSSH package in Openwall GNU/*/Linux did contain the buffer / memory management errors. As of 2003/09/17, we have included the fixes from OpenSSH 3.7.1 as well as 4 additional fixes to other such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user account

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat, Inc. __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Red Hat Linux and Red Hat Enterprise Linux ship with an OpenSSL package vulnerable to these issues. Updated OpenSSL packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.

Red Hat Linux:

<http://rhn.redhat.com/errata/RHSA-2003-279.html>

Red Hat Enterprise Linux:

<http://rhn.redhat.com/errata/RHSA-2003-280.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks __ Affected

Notified: September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Riverstone Networks has issued an advisory on this issue at <http://www.riverstonenet.com/support/tb0265-9.html>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO __ Affected

Notified: September 16, 2003 Updated: October 07, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

```
Subject:         OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: CSSA-2003-SCO.24
Issue date:      2003 October 1
Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693 CAN-2003-0786 CAN-2003-0695 CAN-2003-0682
```

1. Problem Description
Several buffer management errors and memory bugs are corrected by this patch.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, CAN-2003-0786.

The CERT Coordination Center has assigned the following names VU#333628, and VU#602204.

CERT VU#333628 / CAN-2003-0693: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695

CAN-2003-0695: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693.

CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695.

CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenServer is not configured to use PAM, so is not vulnerable.

2. Vulnerable Supported Versions

```
System              Binaries
OpenServer 5.0.7    OpenSSH Distribution
```

3. Solution
The proper solution is to install the latest packages.

4. OpenServer 5.0.7
4.1 Location of Fixed Binaries

<ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24>

4.2 Verification

```
MD5 (VOL.000.000) = f36194ca559c850794874f9c7a0b2a18
MD5 (VOL.000.001) = 02b76bd551a0a95f2544b8999c6fbcbf
MD5 (VOL.000.002) = 6818513c946dbcd43a3f34fc19ef79fc
MD5 (VOL.000.003) = 8149c475968c3d7318eda33f30ce8045
```

md5 is available for download from <ftp://ftp.sco.com/pub/security/tools>

4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

5. References
Specific references for this advisory:

- <http://www.openssh.com/txt/buffer.adv>
- <http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html>
- <http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c>
- <http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940>
- <http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840>

SCO security resources: <http://www.sco.com/support/security/index.html>

This security fix closes SCO incidents sr884749 fz528324 erg712436.

6. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/eyW6aqoBO7ipriERAugiAJwP8ehQ81QNC7EuX8NEkINrtvII0gCfTbZl HrkB1nNF8uxgUSgnWHR61O4= =p5ga -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.
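
The CVE descriptions quoted in the SCO statement above trace CAN-2003-0693 to an incorrect amount of memory being freed after a failure in buffer_append_space. The C sketch below is an added illustration, not OpenSSH's code and not part of any vendor statement: a simplified growable buffer (all names, the growth limit and the chunk size are assumptions) showing how updating the size field before the growth request is validated leaves a cleanup routine with a stale length, next to the ordering that commits the size only after success.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GBUF_MAX   0x10000u  /* assumed growth limit for this demo */
#define GBUF_CHUNK 4096u     /* assumed headroom added on each growth */

struct gbuf {                /* hypothetical type, not OpenSSH's Buffer */
    unsigned char *data;
    size_t alloc;            /* size the bookkeeping claims */
    size_t real;             /* size actually allocated (demo-only ground truth) */
    size_t end;              /* bytes in use */
};

static int gbuf_init(struct gbuf *b, size_t n) {
    b->data = malloc(n);
    if (b->data == NULL) return -1;
    b->alloc = b->real = n;
    b->end = 0;
    return 0;
}

/* Flawed ordering: alloc is bumped before the limit check, so a rejected
 * request leaves alloc describing memory that was never obtained. */
static int gbuf_append_flawed(struct gbuf *b, const void *src, size_t len) {
    if (len > b->alloc - b->end) {
        b->alloc += len + GBUF_CHUNK;        /* bookkeeping changed first */
        if (b->alloc > GBUF_MAX) return -1;  /* error path: alloc is stale */
        unsigned char *p = realloc(b->data, b->alloc);
        if (p == NULL) return -1;            /* stale here as well */
        b->data = p;
        b->real = b->alloc;
    }
    memcpy(b->data + b->end, src, len);
    b->end += len;
    return 0;
}

/* Corrected ordering: validate and allocate first, commit the size last. */
static int gbuf_append_fixed(struct gbuf *b, const void *src, size_t len) {
    if (len > b->alloc - b->end) {
        if (len > GBUF_MAX) return -1;       /* also rules out overflow below */
        size_t newlen = b->alloc + len + GBUF_CHUNK;
        if (newlen > GBUF_MAX) return -1;
        unsigned char *p = realloc(b->data, newlen);
        if (p == NULL) return -1;
        b->data = p;
        b->alloc = b->real = newlen;         /* committed only after success */
    }
    memcpy(b->data + b->end, src, len);
    b->end += len;
    return 0;
}

/* Bytes that a cleanup doing memset(data, 0, alloc) would touch past the
 * end of the real allocation. Zero means the bookkeeping is consistent. */
static size_t gbuf_wipe_overrun(const struct gbuf *b) {
    return b->alloc > b->real ? b->alloc - b->real : 0;
}

/* Wipe-and-free cleanup. The demo clamps the wipe to the real size so that
 * running it never writes out of bounds; it reports inconsistency instead. */
static int gbuf_free(struct gbuf *b) {
    int consistent = (gbuf_wipe_overrun(b) == 0);
    if (b->data != NULL) {
        memset(b->data, 0, b->real);
        free(b->data);
    }
    b->data = NULL;
    b->alloc = b->real = b->end = 0;
    return consistent ? 0 : -1;
}

/* Append `request` bytes of constructed input to a 1024-byte buffer and
 * return how far a stale-length wipe would overrun after a failure. */
static size_t demo_overrun(int use_fixed, size_t request) {
    static unsigned char payload[GBUF_MAX * 2];  /* constructed input */
    struct gbuf b;
    if (gbuf_init(&b, 1024) != 0) return (size_t)-1;
    if (request > sizeof payload) request = sizeof payload;
    int rc = use_fixed ? gbuf_append_fixed(&b, payload, request)
                       : gbuf_append_flawed(&b, payload, request);
    size_t over = (rc != 0) ? gbuf_wipe_overrun(&b) : 0;
    gbuf_free(&b);
    return over;
}

int main(void) {
    printf("flawed, oversized request: %zu bytes past allocation\n",
           demo_overrun(0, 0x20000));
    printf("fixed,  oversized request: %zu bytes past allocation\n",
           demo_overrun(1, 0x20000));
    return 0;
}
```

A code review for this class of bug looks for any size or length field that is modified before the corresponding allocation call has returned successfully, which matches the realloc-focused audit described in the Openwall statement.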

SUSE Linux __ Affected

Notified: September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SuSE Security Announcement

```
Package:                openssh (second release)
Announcement-ID:        SuSE-SA:2003:039
Date:                   Thursday, Sep 18 2003 20:00 MEST
Affected products:      7.2, 7.3, 8.0, 8.1, 8.2
                        SuSE Linux Database Server,
                        SuSE eMail Server III, 3.1
                        SuSE Linux Enterprise Server 7, 8
                        SuSE Linux Firewall on CD/Admin host
                        SuSE Linux Connectivity Server
                        SuSE Linux Office Server
                        SuSE Linux Standard Server 8
Vulnerability Type:     potential remote privilege escalation
Severity (1-10):        8
SuSE default package:   yes
Cross References:       http://www.openssh.com/txt/buffer.adv
                        CERTVU#333628
                        http://www.kb.cert.org/vuls/id/333628
                        CVE CAN-2003-0693
                        CVE CAN-2003-0695
                        CVE CAN-2003-0682
```

Content of this advisory:

1. security vulnerability resolved: openssh problem description, discussion, solution and upgrade information
2. pending vulnerabilities, solutions, workarounds: - mysql
3. standard appendix (further information)

______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentication mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.

This is a new release of SuSE Security Announcement (openssh), ID SuSE-SA:2003:038. A set of new bugs were addressed by the openssh development team. These bugs are fixed in the new 3.7.1 upstream release of the openssh package; we have added the necessary changes to our packages preserving the package version to avoid the risk of incompatible behaviour of the software.

Specifics about the errors found: (Topic for SuSE Security Announcement SuSE-SA:2003:038:) A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands. The error is known as the buffer_append_space()-bug and is assigned the Common Vulnerabilities and Exposures (CVE) name CAN-2003-0693. The error was cause for the upstream release openssh-3.7.

(Topic for SuSE Security Announcement SuSE-SA:2003:039 (this announcement):) Programming errors of a similar kind as described above have been found in other portions of the code, with similar effects. These errors are known as "buffer.c/channels.c bug", the CVE name for these errors is CAN-2003-0695. This set of errors was cause for the upstream release openssh-3.7.1. In addition to the fixes for the buffer.c/channels.c bugs we have added some changes that have been assembled by Solar Designer during his review of the source code. These fixes are considered a precautious measure and are not believed to have a significant effect on the security of the openssh code.

At the time of writing this announcement, we believe that at least one set of errors as described above is exploitable by a remote attacker. As a reminder, at the time of writing the SuSE Security Announcement SuSE-SA:2003:038 it was unclear if the bug addressed with the announcement (buffer_append_space()-bug) is exploitable. An increasing amount of TCP connection attempts to port 22 as observed in the internet during the past days may indicate that there exists an exploit for the error in the public.

Please note that we have disabled the Privilege Separation feature in the ssh daemon (sshd) with this update. The PrivSep feature is designed to have parts of the ssh daemon's work running under lowered privileges, thereby limiting the effect of a possible vulnerability in the code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is held responsible for malfunctions in PAM (Pluggable Authentication Modules). The update mechanism will not overwrite configuration files that have been altered after the package installation.

SPECIAL INSTALL INSTRUCTIONS:

After the update has been successfully applied, the ssh daemon (sshd) must be restarted for the update package to become effective. To restart the ssh daemon after the update, please run the following command as root:

`rcsshd restart`

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.


______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- A buffer overflow vulnerability has been found in the mysql package, an Open Source relational database system. The error may allow a remote attacker to execute arbitrary code with the privileges of the database process. We are in the process of building and testing the update packages and will release them with a SuSE Security Announcement as soon as possible.

______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

  1. md5sums as provided in the (cryptographically signed) announcement.
  2. using the internal gpg signatures of the rpm package.

1) execute the command
`md5sum <name-of-the-file.rpm>`
after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key [email protected]), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command
`rpm -v --checksig <file.rpm>`
to verify the signature of the package, where <file.rpm> is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):
`gpg --batch; gpg < announcement.txt | gpg --import`
SuSE Linux distributions version 7.1 and thereafter install the key "[email protected]" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at <ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de>.

- SuSE runs two security mailing lists to which any interested party may subscribe:

[email protected]
  • general/linux/SuSE security discussion. All SuSE security announcements are sent to this list.
    To subscribe, send an email to <[email protected]>.

[email protected]
  • SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list.
    To subscribe, send an email to <[email protected]>.

For general information or the frequently asked questions (faq) send mail to: <[email protected]> or <[email protected]> respectively.

=====================================================================
SuSE's security contact is <[email protected]> or <[email protected]>. The <[email protected]> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <[email protected]>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <[email protected]>
Roman Drahtmüller,
SuSE Security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).
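The SuSE statement above says the update ships sshd with Privilege Separation disabled, while configuration files that were altered locally are not overwritten, so the effective setting has to be read from /etc/ssh/sshd_config on each host. The script below is an added example, not SuSE's or OpenSSH's code: it reports the effective UsePrivilegeSeparation value, assuming sshd's first-occurrence-wins parsing and an upstream default of yes when the keyword is absent; the function names and sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not SuSE or OpenSSH code): report the effective
# UsePrivilegeSeparation setting of an sshd_config file.

# effective_privsep CONFIG [DEFAULT]
# Prints the value sshd would use. Assumptions: the first occurrence of a
# keyword wins, keywords are case-insensitive, and DEFAULT (yes unless
# given) applies when the keyword never appears.
effective_privsep() {
    awk -v dflt="${2:-yes}" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" || /^#/ { next }            # blank lines and comments
        {
            key = $0; val = ""
            # keyword and value are separated by whitespace and/or "="
            if (match($0, /[ \t=]+/)) {
                key = substr($0, 1, RSTART - 1)
                val = substr($0, RSTART + RLENGTH)
            }
            if (tolower(key) == "useprivilegeseparation") {
                gsub(/^"|"$/, "", val)       # tolerate a quoted value
                print tolower(val)
                found = 1
                exit                         # later duplicates are ignored
            }
        }
        END { if (!found) print dflt }
    ' "$1"
}

# privsep_enabled CONFIG: exit status 0 unless the effective value is "no".
privsep_enabled() {
    [ "$(effective_privsep "$1")" != no ]
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: locally edited file with a commented-out default
    # and two conflicting live lines (the first live line wins).
    printf '%s\n' '#UsePrivilegeSeparation yes' 'Port 22' \
        'useprivilegeseparation no' 'UsePrivilegeSeparation yes' > "$dir/edited"
    # Constructed sample: file that never mentions the keyword.
    printf '%s\n' 'Port 22' 'Protocol 2' > "$dir/silent"
    for f in edited silent; do
        if privsep_enabled "$dir/$f"; then state=enabled; else state=DISABLED; fi
        echo "$f: UsePrivilegeSeparation=$(effective_privsep "$dir/$f") ($state)"
    done
    rm -rf "$dir"
}
demo
```
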

Slackware Affected

Updated: September 16, 2003

Status

Affected

Vendor Statement


[slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)
Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue Sep 16 11:13:05 PDT 2003
patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1.
From the OpenSSH Security Advisory (<http://www.openssh.com/txt/buffer.adv>):
"All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively."
(* Security fix *)
+--------------------------+

WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated package for Slackware 8.1: <ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7p1-i386-1.tgz>
Updated package for Slackware 9.0: <ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7p1-i386-1.tgz>
Updated package for Slackware -current: <ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7p1-i486-1.tgz>

MD5 SIGNATURES:
+-------------+
Slackware 8.1 package: a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz
Slackware 9.0 package: ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz
Slackware -current package: c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz

INSTALLATION INSTRUCTIONS:
+------------------------+
(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
`upgradepkg openssh-3.7p1-i386-1.tgz`

Restart OpenSSH:
`. /etc/rc.d/rc.sshd restart`

+-----+
Slackware Linux Security Team
<http://slackware.com/gpg-key>
[email protected]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Sun Microsystems, Inc. Affected

Notified: September 16, 2003 Updated: January 16, 2007

Status

Affected

Vendor Statement

The Solaris Secure Shell in Solaris 9 is impacted by this issue described in CERT Vulnerability Note VU#333628. Sun has published Sun Alert 56861 available here:

<http://sunsolve.sun.com/search/document.do?assetkey=1-26-56861-1>

which details the impact, contributing factors, workaround options, and resolution. This issue does not affect the Solaris Secure Shell in Solaris 10.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

TFS Technology Affected

Updated: September 17, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Trustix Secure Linux Affected

Updated: September 17, 2003

Status

Affected

Vendor Statement


--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2003-0033

Package name:      openssh
Summary:           Buffer Management error
Date:              2003-09-17
Affected versions: TSL 1.2, 1.5, 2.0
--------------------------------------------------------------------------
Package description:
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).

Problem description:
Taken from the announcement of openssh 3.7.1:

All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively.

OpenSSH 3.7 fixed one of these bugs.
OpenSSH 3.7.1 fixes more similar bugs.
The TSL team has chosen to backport these fixes into the various versions of openssh packaged in TSL.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All TSL updates are available from
<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Users of TSL 1.2 can get SWUP from:
<URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>
(In later versions of TSL, SWUP is included in the default installation.)

Public testing:
These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at
<URI:http://www.trustix.net/pub/Trustix/testing/>
<URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

You may also use swup for public testing of updates for TSL 2.0 and later:
site {
    class = 0
    location = "http://snow.trustix.org/cloud/rdfs/latest.rdf"
    regexp = ".*"
}

Questions?
Check out our mailing lists:
<URI:http://www.trustix.net/support/>

Verification:
This advisory along with all TSL packages are signed with the TSL sign key. This key is available from:
<URI:http://www.trustix.net/TSL-GPG-KEY>

The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/>, <URI:http://www.trustix.net/errata/trustix-1.5/> and <URI:http://www.trustix.net/errata/trustix-2.0/> or directly at <URI:http://www.trustix.net/errata/misc/2003/TSL-2003-0033-openssh.asc.txt>

MD5sums of the packages:

Trustix Security Team

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).
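The SuSE, Slackware and Trustix statements above all rely on comparing a downloaded package's MD5 sum with the value printed in a signed announcement, and the Slackware advisory lists the same file name (openssh-3.7p1-i386-1.tgz) for two releases with different sums. The script below is an added example, not code from any of these vendors: it goes beyond a single advisory by reading the three checksum layouts they use, collecting every sum listed for a file name and accepting the file only if it matches one of them. The function names, sample file names and sample announcement lines are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): check a downloaded package against the
# MD5 sums printed in a security announcement.

# The sums are only as trustworthy as the announcement, so verify its
# clear-text signature first. Needs the vendor key in the local keyring,
# which is why the demo below does not call it.
announcement_signature_ok() {
    gpg --verify "$1" >/dev/null 2>&1
}

# listed_md5s ANNOUNCEMENT FILENAME
# Prints every MD5 sum listed for FILENAME. Layouts handled:
#   sum  ./path/FILENAME          (sum first, then a path)
#   label: sum FILENAME           (sum and name on one labelled line)
#   ftp://host/path/FILENAME      (sum alone on the following line)
listed_md5s() {
    awk -v want="$2" '
        function is_md5(t) { return length(t) == 32 && t !~ /[^0-9a-fA-F]/ }
        pending {                      # previous line named the file only
            pending = 0
            if (NF == 1 && is_md5($1)) { print tolower($1); next }
        }
        {
            named = 0; digest = ""
            for (i = 1; i <= NF; i++) {
                base = $i
                sub(/.*\//, "", base)  # compare the last path component
                if (base == want) named = 1
                else if (digest == "" && is_md5($i)) digest = tolower($i)
            }
            if (named && digest != "") print digest
            else if (named) pending = 1
        }
    ' "$1"
}

# verify_package ANNOUNCEMENT FILE
# 0 = FILE matches a listed sum, 1 = listed but no sum matches,
# 2 = the announcement does not list this file name at all.
verify_package() {
    ann=$1 pkg=$2
    want=$(listed_md5s "$ann" "$(basename "$pkg")")
    [ -n "$want" ] || return 2
    have=$(md5sum "$pkg" | awk '{ print tolower($1) }')
    for d in $want; do
        [ "$d" = "$have" ] && return 0
    done
    return 1
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed package body\n' > "$dir/openssh-demo-1.tgz"
    sum=$(md5sum "$dir/openssh-demo-1.tgz" | awk '{ print $1 }')
    # Constructed announcement: one file name listed for two releases.
    printf '%s\n' \
        'Release A package: 00000000000000000000000000000000 openssh-demo-1.tgz' \
        "Release B package: $sum openssh-demo-1.tgz" > "$dir/announcement.txt"
    rc=0; verify_package "$dir/announcement.txt" "$dir/openssh-demo-1.tgz" || rc=$?
    echo "untouched download: status $rc"
    printf 'extra bytes\n' >> "$dir/openssh-demo-1.tgz"
    rc=0; verify_package "$dir/announcement.txt" "$dir/openssh-demo-1.tgz" || rc=$?
    echo "modified download:  status $rc"
    rm -rf "$dir"
}
demo
```
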

VMware Affected

Updated: October 01, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.vmware.com/download/esx/esx152-patch5.html>

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Bitvise Not Affected

Notified: September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

Our software shares no codebase with the OpenSSH implementation, therefore we believe that, in our products, this problem does not exist.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Fujitsu Not Affected

Notified: September 16, 2003 Updated: September 22, 2003

Status

Not Affected

Vendor Statement

Fujitsu’s UXP/V o.s. is not affected by the problem in VU#333628 because it does not support the SSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Hitachi Not Affected

Notified: September 16, 2003 Updated: October 07, 2003

Status

Not Affected

Vendor Statement

Hitachi HI-UX/WE2 is NOT vulnerable, because it does not support OpenSSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Microsoft Corporation Not Affected

Notified: September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Pragma Systems Not Affected

Notified: September 16, 2003 Updated: October 01, 2003

Status

Not Affected

Vendor Statement

We have tested our code and double checked for the code vulnerability and we have found that our code is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Putty Not Affected

Notified: September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

PuTTY is not based on the OpenSSH code base, so it should not be vulnerable to any OpenSSH-specific attacks.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

SSH Communications Security Not Affected

Updated: September 17, 2003

Status

Not Affected

Vendor Statement

SSH Secure Shell products do not contain the buffer management error. SSH Communications Security products have different code base than OpenSSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Secure Computing Corporation Not Affected

Updated: September 22, 2003

Status

Not Affected

Vendor Statement

Sidewinder® and Sidewinder G2 Firewall™ (including all appliances)

Not Vulnerable.

Sidewinder v5.x & Sidewinder G2 v6.x’s embedded Type Enforcement® technology strictly limits the capabilities of Secure Computing’s modified version of the OpenSSH daemon code integrated into the firewall’s SecureOS operating system. Any attempt to exploit this vulnerability in the OpenSSH daemon code running on the firewalls results in an automatic termination of the attacker’s connection and multiple Type Enforcement alarms.

Gauntlet™ & e-ppliance

Not Vulnerable.

Gauntlet and e-ppliance do not include SSH server software, and are thus immune to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Top Layer Networks Not Affected

Updated: September 18, 2003

Status

Not Affected

Vendor Statement

This notification is to inform you that Top Layer products are not susceptible to the recently announced OpenSSH vulnerability (versions prior to 3.7.1) which appears to occur as a result of buffer management errors. Specifically, this is an issue with freeing the appropriate memory size on the heap, where in certain cases, the memory cleared is too large and might cause heap corruption.

More detailed information about this vulnerability can be found at:

OpenSSH link:

<http://www.openssh.com/txt/buffer.adv>

Top Layer Networks advises following best security practices by restricting the management of any Top Layer device to required address range and ports, as well as denying access to all protocols that are not required.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

VanDyke Software Inc. Not Affected

Notified: September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

No VanDyke products are affected by this vulnerability. VanDyke does not use any OpenSSH code.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

3Com Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

AT&T Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Alcatel Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Avaya Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Berkeley Software Design, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

D-Link Systems Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

EMC Corporation Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23333628 Feedback>).

Extreme Networks Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FiSSH Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreSSH Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Unknown

Notified: September 16, 2003 Updated: September 18, 2003

Status

Unknown

Vendor Statement

==============================================
Hewlett-Packard Company

SOURCE: Hewlett-Packard Company Software Security Response Team (SSRT)

Date: 16 September, 2003
CROSS REFERENCE ID: SSRT3629

At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP released operating system software.

HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.

To report any security issue for any HP software products send email to [email protected]
==============================================

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM-zSeries Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intersoft International Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lsh Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MacSSH Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multi-Tech Systems Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NETcomposite Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetApp Unknown

Notified: August 12, 2008 Updated: August 12, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetScreen Technologies Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Redback Networks Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Computer Systems, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

TTSSH/TeraTerm Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems, Inc. Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Zyxel Unknown

Notified: September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

Thanks to OpenSSH for information regarding this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2003-0693
CERT Advisory: CA-2003-24
Severity Metric:
