Date: Tue, 12 Mar 2002 14:48:40 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability
--v9Ux+11Zm5mwPlX6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: OpenServer: OpenSSH channel code vulnerability
Advisory number: CSSA-2002-SCO.10
Issue date: 2002 March 12
Cross reference:
___________________________________________________________________________
1. Problem Description
A bug exists in the channel code of OpenSSH versions 2.0
though 3.0.2.
Existing users can use this bug to gain root privileges. The
ability to exploit this vulnerability without an existing user
account has not yet been proven, but it is considered
possible. A malicious ssh server could also use this bug to
exploit a connecting vulnerable client.
=09
2. Vulnerable Supported Versions
Operating System Version Affected Files
------------------------------------------------------------------
OpenServer <=3D 5.0.6a all ssh distribution files
3. Workaround
None.
4. OpenServer
4.1 Location of Fixed Binaries
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/
4.2 Verification
MD5 (openssh-3.1p1-VOLS.tar) =3D 8e99c00aa99c12b48cc4fcc4578c9923
md5 is available for download from
ftp://stage.caldera.com/pub/security/tools/
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following commands:
Download openssh-3.1p1-VOLS.tar to the /tmp directory
# cd /tmp
# tar xvf openssh-3.1p1-VOLS.tar
Run the custom command, specify an install from media images,
and specify the /tmp directory as the location of the images.
5. References
http://www.pine.nl/advisories/pine-cert-20020301.txt
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr861336, fz520315, erg711984.
6. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
7. Acknowledgements
Joost Pol <joost@pine.nl> discovered and researched this
vulnerability.
___________________________________________________________________________
--v9Ux+11Zm5mwPlX6
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjyOhcgACgkQaqoBO7ipriH5/ACfRAi22aRXekt7b5V/NiiCe37w
sHYAnjDlVeIjPWx5Wh/gAsHxwK86zKX4
=g6L0
-----END PGP SIGNATURE-----
--v9Ux+11Zm5mwPlX6--
