LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-16-2003, 01:29 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
OpenSSH-3.7 released (fixes Buffer Management bug)


OpenSSH 3.7 released September 16, 2003.
OpenSSH 3.7 and newer are not vulnerable to "September 16, 2003: OpenSSH Buffer Management bug", OpenSSH Security Advisory: http://www.openssh.com/txt/buffer.adv:

Subject: OpenSSH Security Advisory: buffer.adv
This is the 1st revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv

1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
fixed proactively.

2. Solution:
Upgrade to OpenSSH 3.7 or apply the following patch.
 
Old 09-16-2003, 02:19 PM   #2
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,483

Rep: Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635
Just wanted to note. An exploit for this *seems* to be in the wild so patch your systems ASAP!

--jeremy
 
Old 09-16-2003, 09:07 PM   #3
seabass55
Member
 
Registered: Jan 2003
Location: 127.0.0.1
Distribution: Fedora&Gentoo
Posts: 207

Rep: Reputation: 30
Since the OpenSSH 3.7 thread is closed....

3.7.1 has been released....3.7 doesn't fix all problems. Patch up!
 
Old 09-16-2003, 09:21 PM   #4
smazzux
LQ Newbie
 
Registered: Sep 2003
Location: Italy
Distribution: Slackware 9.1, RedHat 6.2, RedHat 8.0, Fedora Core 1, FreeBSD 5.0, Coyote Linux
Posts: 15

Rep: Reputation: 0
i've found that it double every backslash in my banner file..
older versions didn't
it's not a big prob, but quite annoying..
 
Old 09-16-2003, 11:32 PM   #5
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,483

Rep: Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635Reputation: 2635
Another note. Seems 3.7 didn't fix the bug. Time to upgrade to 3.7.1!

Quote:
Subject: OpenSSH Security Advisory: buffer.adv

This is the 2nd revision of the Advisory.

This document can be found at: http://www.openssh.com/txt/buffer.adv

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs
fixed proactively.

Other implementations sharing common origin may also have
these issues.

2. Solution:

Upgrade to OpenSSH 3.7.1 or apply the following patch.
http://www.openssh.com/txt/buffer.adv

--jeremy
 
Old 09-17-2003, 07:42 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Original Poster
Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
//moderator.note: thread opened, merges.

ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog snippet says:
Code:
20030917
 - (djm) OpenBSD Sync
   - markus@cvs.openbsd.org 2003/09/16 21:02:40
     [buffer.c channels.c version.h]
     more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
 - (djm) Crank RPM spec versions
 - (djm) Release 3.7.1p1
Thread wrt fatal() see: Full-Disclosure.

Btw, did anyone notice clientside directive problems with "VerifyHostKeyDNS"?
 
Old 09-23-2003, 11:48 PM   #7
markng
LQ Newbie
 
Registered: Jan 2002
Posts: 19

Rep: Reputation: 0
Hi guys,

I tried to patch my Redhat 8.0 box with the rpms downloaded from Redhats site and I get this error.

----------------
warning: openssh-3.4p1-7.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
error: Failed dependencies:
openssh = 3.4p1-2 is needed by (installed) openssh-clients-3.4p1-2
openssh = 3.4p1-2 is needed by (installed) openssh-server-3.4p1-2

---------------

I've already stopped sshd. What am I missing here? Any help is greatly appreciated.

Thanks
 
Old 09-24-2003, 12:41 AM   #8
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I believe you need to upgrade all the ssh-related packages, not just ssh itself. Go to: https://rhn.redhat.com/errata/RHSA-2003-279.html and download all the rpms for your specific redhat distro. So you'll need:

openssh-3.4p1-7.i386.rpm
openssh-askpass-3.4p1-7.i386.rpm
openssh-askpass-gnome-3.4p1-7.i386.rpm
openssh-clients-3.4p1-7.i386.rpm
openssh-server-3.4p1-7.i386.rpm

That should solve your dependency problems.
 
Old 09-24-2003, 12:49 AM   #9
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Looks like the most recent openSSH patch has a potentially remotely exploitable bug as well. However, only OpenSSH versions 3.7p1 and 3.7.1p1 are vulnerable (patched Redhat versions are alright) and that's only if you have turned on PAM-based authentication. Read the advisory here:

http://www.securityfocus.com/archive/121/338617
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
firefox 1.0.2 bug-fix released rgiggs Slackware 13 03-25-2005 06:09 AM
Mandrake 10.1 MAJOR fixes released! GO GET EM'! Micro420 Mandriva 18 11-06-2004 01:47 AM
bug management package dukeinlondon Linux - Software 0 06-11-2004 09:02 AM
bug fixes bu&(^*%%* up system??? Zarik Linux - Newbie 0 02-26-2004 03:36 PM
OpenSSH ssh-agent problems. Bug? darklogik_org Slackware 2 02-10-2004 06:25 PM


All times are GMT -5. The time now is 06:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration