[ASCII] (forw) [PINE-CERT-20020301] OpenSSH off-by-one

Alexander Stielau admins@buug.de
Thu, 7 Mar 2002 18:45:00 +0100 

--gE7i1rD7pdK0Ng3j
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Wegen des angeh=E4ngten SSH-Problems ist bis voraussichtlich morgen,
Freitag, 14:00 Uhr kein allgemeiner SSH-Zugang auf coredump.buug.de (dem
Buug-Rechner) m=F6glich.

Gr=FC=DFe,
Aleks

----- Forwarded message from Joost Pol <joost@pine.nl> -----

From: Joost Pol <joost@pine.nl>
To: bugtraq@securityfocus.com
Cc: vulnwatch@vulnwatch.org
Subject: [PINE-CERT-20020301] OpenSSH off-by-one
Date: Thu, 7 Mar 2002 13:25:20 +0000
Message-ID: <20020307132520.A5010@badcoding.org>
User-Agent: Mutt/1.2.5i

See attached advisory.

--=20
Joost Pol alias 'Nohican' <joost@pine.nl> PGP 584619BD
PGP fingerprint B1FA EE66 CFAA A492 D5F8 9A8A 0CDA D2CA 5846 19BD
PINE Internet BV - Tel +31-50-5731111 - Fax +31-70-3111011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------=
----
 Pine Internet Security Advisory
- -------------------------------------------------------------------------=
----
 Advisory ID       : PINE-CERT-20020301
 Authors           : Joost Pol <joost@pine.nl>
 Issue date        : 2002-03-07
 Application       : OpenSSH
 Version(s)        : All versions between 2.0 and 3.0.2
 Platforms         : multiple
 Vendor informed   : 20020304
 Availability      : http://www.pine.nl/advisories/pine-cert-20020301.txt
- -------------------------------------------------------------------------=
----

Synopsis

        A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2

        Users with an existing user account can abuse this bug to
        gain root privileges. Exploitability without an existing
        user account has not been proven but is not considered
        impossible. A malicious ssh server could also use this bug=20
	to exploit a connecting vulnerable client.

Impact

        HIGH: Existing users will gain root privileges.

Description

        Simple off by one error. Patch included.

Solution

        The OpenSSH project will shortly release version 3.1.=20
=09
	Upgrading to this version is highly recommended.=20

	This version will be made available at http://www.openssh.com

	The FreeBSD port of OpenSSH has been updated to reflect the=20
	patches as supplied in this document.

	OpenSSH CVS has been updated, see
=09
	http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \
	channels.c.diff?r1=3D1.170&r2=3D1.171

	Or apply the attached patch as provided by PINE Internet:

	http://www.pine.nl/advisories/pine-cert-20020301.patch


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjyHaKkACgkQDNrSylhGGb3p2ACfXZu3WShzGT4Mp/LgwA6AZStu
rtkAn3O83WzyNijdJ9+9OwLJxUcVj4Ld
=3Dj+Hz
-----END PGP SIGNATURE-----


----- End forwarded message -----

--=20
Alexander Stielau          Linux Information Systems AG
System Engineer            Fon +49 (0)30 72 62 38-19        Ehrenbergstr. 19
A.Stielau@Linux-AG.com     Fax +49 (0)30 72 62 38-99        D-10245 Berlin
Linux is our Business. ____________________________________ www.Linux-AG.co=
m __

Linux-Trainings bundesweit - Termine unter http://www.linux-ag.com/training

--gE7i1rD7pdK0Ng3j
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8h6cbRHJT9Ar9DKgRAmb7AJ0WoqEI+12t+NMHKElMwaMuZqIfqgCgndWe
/wMJZYDEylZ1UReQ5ti+wqM=
=psF8
-----END PGP SIGNATURE-----

--gE7i1rD7pdK0Ng3j--