OpenPKG Security Advisory
OpenPKG-SA-2002.005
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2002.005
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2002.005
Advisory Published: 2010-02-09 13:36 UTC
Issue Id (internal): OpenPKG-SI-20020626.01
Issue First Created: 2002-06-26
Issue Last Modified: 2006-11-28
Issue Revision: 06
Subject Name: OpenSSH
Subject Summary: Secure Shell (SSH)
Subject Home: http://www.openssh.com/
Subject Versions: * <= 3.0.2p1
Vulnerability Id: none
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: denial of service, privilege escalation
Description:
According to an OpenSSH Security Advisory [5] and a corresponding
Internet Security Systems (ISS) Security Advisory [6] there is a
vulnerability within the "challenge-response" authentication mechanism
in the OpenSSH daemon (sshd). This mechanism, part of the SSH2
protocol, verifies a user's identity by generating a challenge and
forcing the user to supply a number of responses. It is possible for
a remote attacker to send a specially-crafted reply that triggers an
overflow. This can result in a remote denial of service attack on the
OpenSSH daemon or a complete remote compromise. The OpenSSH daemon
runs with superuser privilege, so remote attackers can gain superuser
access by exploiting this vulnerability.
OpenSSH supports the SKEY and BSD_AUTH authentication options. These
are compile-time options. At least one of these options must be
enabled before the OpenSSH binaries are compiled for the vulnerable
condition to be present. So OpenPKG's OpenSSH is *not* vulnerable
by default, because the S/Key authentication option is disabled
("%define with_skey no") by default. But if users enabled this
manually when building the OpenPKG "openssh" package, OpenPKG's
OpenSSH is vulnerable, too.
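A triage check for the condition described above, as an added example that is not part of the OpenPKG advisory or the openssh package: it reads the with_skey switch from spec-file text and compares a package's release against the corrected openssh-3.0.2p1-1.0.3. The function names, the result labels and the sample spec fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage an openssh package against OpenPKG-SA-2002.005.
# Function names and result labels are hypothetical, not OpenPKG tooling.
FIXED_VERSION="3.0.2p1"   # version listed in the advisory's package tables
FIXED_RELEASE="1.0.3"     # release of the corrected package

# Read spec-file text on stdin and print the with_skey value.
# The last "%define with_skey" wins; "no" is the default the advisory states.
skey_setting() {
    awk '$1 == "%define" && $2 == "with_skey" { v = $3 }
         END { print (v == "" ? "no" : v) }'
}

# Succeed if dotted-numeric release $1 is older than release $2.
release_lt() {
    [ "$1" != "$2" ] || return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# classify <name-version-release> <with_skey value>
# BSD_AUTH builds are not covered: the advisory names no spec switch for it.
classify() {
    case $1 in
        openssh-*-*) ;;
        *) echo "not-listed"; return 0 ;;
    esac
    release=${1##*-}          # text after the last "-"
    version=${1%-*}           # drop "-release"
    version=${version#openssh-}
    if [ "$version" != "$FIXED_VERSION" ]; then
        echo "not-listed"     # the advisory tables only list 3.0.2p1 builds
    elif ! release_lt "$release" "$FIXED_RELEASE"; then
        echo "corrected"
    elif [ "$2" = "yes" ]; then
        echo "vulnerable"     # affected release built with S/Key enabled
    else
        echo "affected-release-skey-off"
    fi
}

# Constructed sample spec fragment (not the real openssh.spec).
SAMPLE_SPEC='Release: 1.0.2
%define with_skey yes'

setting=$(printf '%s\n' "$SAMPLE_SPEC" | skey_setting)
classify "openssh-3.0.2p1-1.0.2" "$setting"
```

A result of "affected-release-skey-off" means the package is the affected release but was built with the default setting, so the vulnerable code path is not compiled in.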
References:
[1] http://www.openpkg.org/security.html#signature
[2] http://www.openpkg.org/tutorial.html#regular-source
[3] ftp://ftp.openpkg.org/release/1.0/UPD/
[4] ftp://ftp.openpkg.org/release/1.0/UPD/openssh-3.0.2p1-1.0.3.src.rpm
[5] http://www.openssh.org/txt/preauth.adv
[6] http://www.openssh.org/txt/iss.adv
Primary Package Name: openssh
Primary Package Home: http://openpkg.org/go/package/openssh
Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Community        1.0-SOLID          openssh-3.0.2p1-1.0.2
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        1.0-SOLID          openssh-3.0.2p1-1.0.3