[LUGOS-SEC] OpenSSH vulnerable (again)

Ales Mustar alesh at domenca.com
Thu Jun 27 11:13:10 CEST 2002 

Paketi za Slackware so sedaj res na voljo (glej spodaj).

Vendar, če uporabiš ta paket na kernelu 2.2.x sshd crashne on connectu z
fatal mmap... v syslogu.
Več o tem na: http://bugzilla.mindrot.org/show_bug.cgi?id=259 zraven je
tudi patch za to.

Rešitev brez patcha je možna tako, da se v sshd_config doda oz. spremeni
vrstica "UsePrivilegeSeparation no".
Če je vklopljeno - torej na yes, sshd crashne..., če je ni, isto.

Upam, da bo komu pomagalo,
Aleš



        	Slackware-8.1 ChangeLog Notice.
The following additions have been made to The ChangeLog.txt
-------------------------------------------------------------------
New Entry:  Wed Jun 26 12:03:06 PDT 2002
New Entry:  patches/packages/openssh-3.4p1-i386-1.tgz:  Upgraded to
openssh-3.4p1.
New Entry:    This version enables privilege separation by default.  The
README.privsep file
New Entry:    says this about it:
New Entry:  
New Entry:       Privilege separation, or privsep, is method in OpenSSH
by which operations
New Entry:       that require root privilege are performed by a separate
privileged monitor
New Entry:       process.  Its purpose is to prevent privilege
escalation by containing
New Entry:       corruption to an unprivileged process.  More
information is available at:
New Entry:         http://www.citi.umich.edu/u/provos/ssh/privsep.html
New Entry:  
New Entry:    Note that ISS has released an advisory on OpenSSH (OpenSSH
Remote Challenge
New Entry:    Vulnerability).  Slackware is not affected by this issue,
as we have never
New Entry:    included AUTH_BSD, S/KEY, or PAM.  Unless at least one of
these options is
New Entry:    compiled into sshd, it is not vulnerable.  Further note
that none of these
New Entry:    options are turned on in a default build from source code,
so if you have
New Entry:    built sshd yourself you should not be vulnerable unless
you've enabled one
New Entry:    of these options.
New Entry:  
New Entry:    Regardless, the security provided by privsep is
unquestionably better.
New Entry:    This time we (Slackware) were lucky, but next time we
might not be.
New Entry:    Therefore we recommend that all sites running the OpenSSH
daemon (sshd,
New Entry:    enabled by default in Slackware 8.1) upgrade to this new
openssh package.
New Entry:    After upgrading the package, restart the daemon like this:
New Entry:  
New Entry:    /etc/rc.d/rc.sshd restart
New Entry:  
New Entry:    We would like to thank Theo and the rest of the OpenSSH
team for
New Entry:    their quick handling of this issue, Niels Provos and
Markus Friedl for
New Entry:    implementing privsep, and Solar Designer for working out
issues with
New Entry:    privsep on 2.2 Linux kernels.
New Entry:  ----------------------------


-----Original Message-----
From: Stojan Rancic [mailto:stojan at aufbix.org] 
Sent: Tuesday, June 25, 2002 12:57 PM
To: lugos-sec at lugos.si
Subject: [LUGOS-SEC] OpenSSH vulnerable (again)


Hojla lugos-sec,

  Za Debian in Slackware so ze prisli ven novi paketi, ostali vendorji
  zgleda se malo spijo.. skratka, 3.3 je zadnja, recommended in
  preferred version to use..

  http://www.debian.org/security/2002/dsa-134 .



                              GreetZ, Stojan
---------------
Difference between Jane Fonda & Bill Clinton? Jane went to Vietnam

More information about the lugos-sec mailing list