FW: [ISN] Fix Is In for OpenSSH Flaw

This seems to be on topic.
Guess there is something to be said for RPM :)
If I just make;install should it overwrite the old stuff without any
problems?  It's a pretty generic RH7.3 install.

> -----Original Message-----
> From: InfoSec News [mailto:isn@xxxxxxx]
> Sent: Thursday, June 27, 2002 3:03 AM
> To: isn@xxxxxxxxxxxxx
> Subject: [ISN] Fix Is In for OpenSSH Flaw 
> 
> 
> http://www.eweek.com/article2/0,3959,284460,00.asp
> 
> June 26, 2002 
> By Chris Gonsalves 
> 
> A vulnerability in a popular, free implementation of the Secure Shell 
> protocols that prompted a warning from the suite's developers 
> has been 
> quickly capped. 
> 
> The vulnerability in OpenSSH versions 2.9.9 through 3.3 was 
> the result 
> of an input validation error that enabled an integer overflow and 
> privilege escalation, according to developers. OpenSSH, a free set of 
> network connectivity tools developed by the OpenBSD Project, is 
> frequently used in place of telnet, rlogin and ftp access and comes 
> bundled with OpenBSD and many other Unix operating systems, including 
> the recently released Solaris 9. 
> 
> The vulnerability was first disclosed on the OpenSSH Web site 
> Tuesday, 
> with a warning that users should enable privilege separation features 
> and prepare to upgrade to OpenSSH 3.4 on Monday, July 1. The security 
> threat was detailed by Internet Security Systems researchers on 
> Wednesday morning, however, prompting an early release on the new SSH 
> suite. 
> 
> According to the ISS advisory, the vulnerability exists within the 
> "challenge-response" authentication mechanism in the OpenSSH 
> daemon or 
> sshd. 
> 
> "This mechanism, part of the SSH2 protocol, verifies a user's 
> identity 
> by generating a challenge and forcing the user to supply a number of 
> responses. It is possible for a remote attacker to send a 
> specially-crafted reply that triggers an overflow," ISS researchers 
> wrote. "This can result in a remote denial of service attack on the 
> OpenSSH daemon or a complete remote compromise. The OpenSSH daemon 
> runs with superuser privilege, so remote attackers can gain superuser 
> access by exploiting this vulnerability." 
> 
> ISS researchers said they are aware of active development efforts to 
> exploit the vulnerability. 
> 
> The OpenSSH advisory and patch is at www.openssh.org/txt/preauth.adv. 
> 
> The initial vulnerability disclosure came just days after the release 
> of the Version 3.3 of the SSH package. 
> 
> "We believe we have the information contained. It is after all in 
> 27,000 lines of code," developer Theo de Raadt, founder of 
> the OpenBSD 
> and OpenSSH projects said late Tuesday. "If it does leak out, or a 
> parallel discovery of it happens, we will be ready with an immediate 
> patch." 
> 
> Even before the latest vulnerability was disclosed, OpenSSH 
> developers 
> have consistently suggested that users employ the tool's privilege 
> separation feature. The feature safeguards against any corruption in 
> the sshd, which could lead to root compromise, according to OpenSSH 
> developers. 
> 
> OpenSSH encrypts all traffic, including passwords, to thwart 
> eavesdropping, connection hijacking and other network-level attacks, 
> according to developers. In addition, OpenSSH provides secure 
> tunneling capabilities and a variety of authentication methods. 
> 
> In addition to OpenBSD and FreeBSD, OpenSSH works with dozens of 
> operating systems including most flavors of Linux; NetBSD; Computone; 
> Stallion; MacOS X Version 10.1; HP Procurve Switch 4108GL and 
> 2524/2512; and IBM AIX. 
>  
> 
> 
> -
> ISN is currently hosted by Attrition.org
> 
> To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
> in the BODY of the mail.
> 


-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
-
Forwarded by the Webmin mailing list at webadmin-list@xxxxxxxxxxxxxxxxxxxxx
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list