Lucene search

DebianDEBIAN:DSA-1189-1:26174

HistoryOct 04, 2006 - 7:32 p.m.

[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code

2006-10-0419:32:23

lists.debian.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.725 High

EPSS

Percentile

98.0%

JSON

Debian Security Advisory DSA 1189-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
October 4th, 2006 http://www.debian.org/security/faq

Package : openssh-krb5
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4924 CVE-2006-5051

Several remote vulnerabilities have been discovered in OpenSSH, a free
implementation of the Secure Shell protocol, which may lead to denial of
service and potentially the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4924

Tavis Ormandy of the Google Security Team discovered a denial of
service vulnerability in the mitigation code against complexity
attacks, which might lead to increased CPU consumption until a
timeout is triggered. This is only exploitable if support for 
SSH protocol version 1 is enabled.

CVE-2006-5051

Mark Dowd discovered that insecure signal handler usage could
potentially lead to execution of arbitrary code through a double
free. The Debian Security Team doesn&#x27;t believe the general openssh
package without Kerberos support to be exploitable by this issue.
However, due to the complexity of the underlying code we will
issue an update to rule out all eventualities.

For the stable distribution (sarge) these problems have been fixed in
version 3.8.1p1-7sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards
a transitional package against openssh.

We recommend that you upgrade your openssh-krb5 packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.dsc
  Size/MD5 checksum:      693 d0a8ac5b868c5f84fd372c9ef597f3a6
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.diff.gz
  Size/MD5 checksum:   167076 1fcdbc92c7a0992711b2dc67b9923ba7
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1.orig.tar.gz
  Size/MD5 checksum:   795948 9ce6f2fa5b2931ce2c4c25f3af9ad50d

Alpha architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_alpha.deb
  Size/MD5 checksum:   909896 44611f5a619acf0bccdeb366d76f39c5

AMD64 architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_amd64.deb
  Size/MD5 checksum:   773658 dc8335560cead18af3fa4eb52911af92

ARM architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_arm.deb
  Size/MD5 checksum:   689752 18e79d4e27c0ec313147e0951ef6082a

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_hppa.deb
  Size/MD5 checksum:   780142 5e692daa057c38f1fa1f0f877824e991

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_i386.deb
  Size/MD5 checksum:   706910 a4eda3cc320f77d2dc1065976086c31f

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_ia64.deb
  Size/MD5 checksum:  1004916 91f89e80f1a27f942bd5fe9e7ae2ba3e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_m68k.deb
  Size/MD5 checksum:   651232 8f41b159434ef7bf3187cd4954e816cc

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mips.deb
  Size/MD5 checksum:   790716 cbc586aa73bcf295cd61f1c09e8015d8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mipsel.deb
  Size/MD5 checksum:   793644 3364603438fceb21bffdd3efb4887e0e

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_powerpc.deb
  Size/MD5 checksum:   757954 ddb9cbba0e84f84da8e60fcbcbaddbae

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_s390.deb
  Size/MD5 checksum:   771520 2148d40fa59dc98b94ac6a03ed2c444f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_sparc.deb
  Size/MD5 checksum:   694800 9c059e2e4ba232774a522da0a2757f06

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

OSVersionArchitecturePackageVersionFilename
Debian3.1i386openssh-server-udeb< 1:3.8.1p1-8.sarge.6openssh-server-udeb_1:3.8.1p1-8.sarge.6_i386.deb
Debian4mipselopenssh-client-udeb< 1:4.3p2-9etch3openssh-client-udeb_1:4.3p2-9etch3_mipsel.deb
Debian3.1hppassh< 1:3.8.1p1-8.sarge.6ssh_1:3.8.1p1-8.sarge.6_hppa.deb
Debian4amd64openssh-server< 1:4.3p2-9etch3openssh-server_1:4.3p2-9etch3_amd64.deb
Debian3.1amd64ssh< 1:3.8.1p1-8.sarge.6ssh_1:3.8.1p1-8.sarge.6_amd64.deb
Debian4mipselopenssh-server< 1:4.3p2-9etch3openssh-server_1:4.3p2-9etch3_mipsel.deb
Debian4alphaopenssh-client< 1:4.3p2-9etch3openssh-client_1:4.3p2-9etch3_alpha.deb
Debian4alphaopenssh-client-udeb< 1:4.3p2-9etch3openssh-client-udeb_1:4.3p2-9etch3_alpha.deb
Debian4mipsssh-askpass-gnome< 1:4.3p2-9etch3ssh-askpass-gnome_1:4.3p2-9etch3_mips.deb
Debian3.1mipsssh-askpass-gnome< 1:3.8.1p1-8.sarge.6ssh-askpass-gnome_1:3.8.1p1-8.sarge.6_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	3.1	i386	openssh-server-udeb	< 1:3.8.1p1-8.sarge.6	openssh-server-udeb_1:3.8.1p1-8.sarge.6_i386.deb
Debian	4	mipsel	openssh-client-udeb	< 1:4.3p2-9etch3	openssh-client-udeb_1:4.3p2-9etch3_mipsel.deb
Debian	3.1	hppa	ssh	< 1:3.8.1p1-8.sarge.6	ssh_1:3.8.1p1-8.sarge.6_hppa.deb
Debian	4	amd64	openssh-server	< 1:4.3p2-9etch3	openssh-server_1:4.3p2-9etch3_amd64.deb
Debian	3.1	amd64	ssh	< 1:3.8.1p1-8.sarge.6	ssh_1:3.8.1p1-8.sarge.6_amd64.deb
Debian	4	mipsel	openssh-server	< 1:4.3p2-9etch3	openssh-server_1:4.3p2-9etch3_mipsel.deb
Debian	4	alpha	openssh-client	< 1:4.3p2-9etch3	openssh-client_1:4.3p2-9etch3_alpha.deb
Debian	4	alpha	openssh-client-udeb	< 1:4.3p2-9etch3	openssh-client-udeb_1:4.3p2-9etch3_alpha.deb
Debian	4	mips	ssh-askpass-gnome	< 1:4.3p2-9etch3	ssh-askpass-gnome_1:4.3p2-9etch3_mips.deb
Debian	3.1	mips	ssh-askpass-gnome	< 1:3.8.1p1-8.sarge.6	ssh-askpass-gnome_1:3.8.1p1-8.sarge.6_mips.deb