SSH Tectia Client and Server ssh-signer local privilege escalation

2008-01-08T00:00:00
ID VU:921339
Type cert
Reporter CERT
Modified 2008-01-14T14:53:00

Description

Overview

The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.

Description

The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:

AFFECTED PRODUCTS
* SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)

NOT AFFECTED PRODUCTS
* 4.x or older SSH Tectia client/server solution versions are NOT affected.
* Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
* Any version of SSH Tectia client/server solution for Windows is NOT affected.


Impact

A local user may be able to obtain root access.


Solution

Apply an update

This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.


Remove ssh-signer

This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.
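The following is an added audit helper, not code from the CERT note or from SSH Communications Security. It classifies a Tectia version string against the affected ranges given above (5.0.x, 5.1.x, 5.2.0 to 5.2.3, 5.3.0 to 5.3.5; 5.2.4 and 5.3.6 fixed; 4.x and older not affected) and checks whether the ssh-signer binary is still present under an install prefix, using the /opt/tectia/libexec/ path from the note. It assumes that patch levels later than 5.2.4 and 5.3.6 within those branches are also fixed, reports any branch the note does not mention as "unlisted", and runs its demo against a constructed throw-away prefix so it never touches a real installation.

```shell
#!/bin/sh
# Added example for VU#921339 (not vendor or CERT code).
# tectia_status VERSION  -> affected | fixed | not-affected | unlisted
# signer_audit  [PREFIX] -> absent | present | present-setuid

# Classify a "major.minor[.patch]" version string against the note's ranges.
tectia_status() {
    ver=$1
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0          # "5.2" means 5.2.0
    case "$major.$minor" in
        5.0|5.1) echo affected ;;
        5.2) if [ "$patch" -le 3 ]; then echo affected; else echo fixed; fi ;;
        5.3) if [ "$patch" -le 5 ]; then echo affected; else echo fixed; fi ;;
        *)   # 4.x and older are stated not affected; anything else is
             # outside the ranges the note lists (assumption: report it).
             if [ "$major" -lt 5 ]; then echo not-affected; else echo unlisted; fi ;;
    esac
}

# Report whether the ssh-signer work-around has been applied under PREFIX.
# The path /opt/tectia/libexec/ssh-signer is the one the note gives; the
# set-user-ID check is an extra detail worth recording in an audit.
signer_audit() {
    prefix=${1:-/opt/tectia}
    bin="$prefix/libexec/ssh-signer"
    if [ ! -e "$bin" ]; then echo absent; return 0; fi
    if [ -u "$bin" ]; then echo present-setuid; else echo present; fi
}

# Demo against a constructed temporary prefix (not a real install).
demo_prefix=$(mktemp -d)
mkdir -p "$demo_prefix/libexec"
: > "$demo_prefix/libexec/ssh-signer"
echo "version 5.2.3 -> $(tectia_status 5.2.3)"
echo "version 5.3.6 -> $(tectia_status 5.3.6)"
echo "version 4.4.1 -> $(tectia_status 4.4.1)"
echo "before removal: $(signer_audit "$demo_prefix")"
rm -f "$demo_prefix/libexec/ssh-signer"      # the note's work-around
echo "after removal:  $(signer_audit "$demo_prefix")"
rm -rf "$demo_prefix"
```

Run `signer_audit` with no argument to inspect the default /opt/tectia prefix; pass a different prefix if Tectia is installed elsewhere. Remember that removing ssh-signer only breaks host-based authentication for the client, as the note says, so the audit output "absent" is the expected state until the 5.2.4 or 5.3.6 update is installed.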


Vendor Information


SSH Communications Security Corp (Affected)

Updated: January 08, 2008

Status

Affected

Vendor Statement

Immediate work-around is to remove the ssh-signer binary which is located in /opt/tectia/libexec/.

Note that this will disable host-based authentication of the SSH Tectia Client.
This has no adverse effect on SSH Tectia Server installation.
You can also update your system to SSH Tectia client/server solution 5.2.4 or 5.3.6, which will fix the vulnerability.
Once the update has been made, you can safely use the product again.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://www.ssh.com/products/client-server/>
  • <http://xforce.iss.net/xforce/xfdb/39569>
  • <http://www.securitytracker.com/id?1019167>
  • <http://secunia.com/advisories/28247/>
  • <http://www.securityfocus.com/bid/27191>

Acknowledgements

Thanks to Tuomas Siren for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Field | Value
---|---
CVE IDs: | CVE-2007-5616
Severity Metric: | 2.25
Date Public: | 2008-01-08
Date First Published: | 2008-01-08
Date Last Updated: | 2008-01-14 14:53 UTC
Document Revision: | 6