Vulnerability Note VU#921339

SSH Tectia Client and Server ssh-signer local privilege escalation

Published: January 08, 2008
Source: www.kb.cert.org

CVSS v2 base score: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Confidentiality Impact (C): Complete
Integrity Impact (I): Complete
Availability Impact (A): Complete

EPSS: 0.0004 (Low), percentile 0.4%

Overview

The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.

Description

The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:

AFFECTED PRODUCTS

  • SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)

NOT AFFECTED PRODUCTS

  • 4.x or older SSH Tectia client/server solution versions are NOT affected.
  • Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
  • Any version of SSH Tectia client/server solution for Windows is NOT affected.

Impact

A local user may be able to obtain root access.


Solution

Apply an update

This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.


Remove ssh-signer

This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.
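The two remediation paths above (upgrade to 5.2.4/5.3.6, or remove ssh-signer as the vendor statement below also advises) can be scripted for fleet checks. The following is an added example, not code from the CERT note or from SSH Communications Security. It assumes the install prefix is /opt/tectia (the note only names the libexec directory), that ssh-signer is a setuid helper (the usual reason a flaw in such a binary yields root), and that the caller obtains the installed version string from package metadata; no vendor command line is invoked.

```sh
#!/bin/sh
# Added example for VU#921339 / CVE-2007-5616: decide whether an installed
# SSH Tectia 5.x is in the affected range and apply the vendor work-around.
# Not part of the CERT note or the vendor's software.
#
# Assumptions not stated in the note:
#   - install prefix /opt/tectia (override by passing a prefix argument);
#   - ssh-signer is installed setuid (a helper for host-based authentication);
#   - the version string is supplied by the caller (e.g. package metadata).

# Return 0 when VERSION (e.g. "5.3.5") is in the affected range from the note:
# 5.0.x and 5.1.x (all), 5.2.x below 5.2.4, 5.3.x below 5.3.6.
# Everything else (4.x, 5.2.4+, 5.3.6+, 6.x) returns 1.
tectia_affected() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    major=${1%%[!0-9]*}; major=${major:-0}
    minor=${2%%[!0-9]*}; minor=${minor:-0}
    patch=${3%%[!0-9]*}; patch=${patch:-0}
    [ "$major" -eq 5 ] || return 1
    case $minor in
        0|1) return 0 ;;
        2) [ "$patch" -lt 4 ] && return 0 ;;
        3) [ "$patch" -lt 6 ] && return 0 ;;
    esac
    return 1
}

# Report the state of ssh-signer under PREFIX (default /opt/tectia).
# Exit status: 0 = present and setuid, 2 = present but not setuid, 1 = absent.
signer_status() {
    bin="${1:-/opt/tectia}/libexec/ssh-signer"
    if [ ! -e "$bin" ]; then
        echo "ssh-signer: absent ($bin)"
        return 1
    elif [ -u "$bin" ]; then
        echo "ssh-signer: present and setuid ($bin)"
        return 0
    fi
    echo "ssh-signer: present, not setuid ($bin)"
    return 2
}

# Vendor work-around: remove ssh-signer under PREFIX. The setuid bit is
# dropped first so the file is inert even if the unlink itself fails.
# This disables host-based authentication in the Tectia client only.
remove_signer() {
    bin="${1:-/opt/tectia}/libexec/ssh-signer"
    [ -e "$bin" ] || return 0
    chmod u-s "$bin" && rm -f "$bin"
}

# Stand-alone demo on a constructed, throw-away install tree; the real
# /opt/tectia is never touched.
demo=$(mktemp -d)
mkdir -p "$demo/libexec"
printf '#!/bin/sh\n' > "$demo/libexec/ssh-signer"
chmod 4755 "$demo/libexec/ssh-signer"   # mimic a setuid helper
for v in 5.2.3 5.2.4 5.3.5 5.3.6 4.4.2; do
    if tectia_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
signer_status "$demo"
remove_signer "$demo"
signer_status "$demo"
rm -rf "$demo"
```

Run the checks before the removal on a real host: if `tectia_affected` reports the installed version as affected and `signer_status` returns 0, either upgrade or call `remove_signer` as root. Because the vendor notes that removal only affects client host-based authentication, it is safe to apply on servers as an interim measure until the upgrade is rolled out.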


Vendor Information


SSH Communications Security Corp: Affected (updated January 08, 2008)

Vendor Statement

Immediate work-around is to remove the ssh-signer binary which is located in /opt/tectia/libexec/.

Note that this will disable host-based authentication of the SSH Tectia Client.
This has no adverse effect on SSH Tectia Server installation.
You can also update your system to SSH Tectia client/server solution 5.2.4 or 5.3.6, which will fix the vulnerability.
Once the update has been made, you can safely use the product again.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Acknowledgements

Thanks to Tuomas Siren for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-5616
Severity Metric: 2.25
Date Public:
