OpenSSH Vulnerabilities: June 27

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,270
Hiya

There are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. They may allow a remote intruder to execute arbitrary code as the user running sshd (often root). The first vulnerability affects OpenSSH versions 2.9.9 through 3.3 that have the challenge response option enabled and that use SKEY or BSD_AUTH authentication. The second vulnerability affects PAM modules using interactive keyboard authentication in OpenSSH versions 2.3.1p1 through 3.3, regardless of the challenge response option setting. Additionally, a number of other possible security problems have been corrected in OpenSSH version 3.4.

Systems Affected

OpenSSH versions 2.3.1p1 through 3.3

http://www.cert.org/advisories/CA-2002-18.html

Regards

eddie
 

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,270
July 02, 2002: Added Juniper Networks vendor statement.
July 02, 2002: Added Unisphere vendor statement.
July 02, 2002: Added Sun Microsystems vendor statement.
July 02, 2002: Added FreeBSD vendor statement.
July 02, 2002: Added Apple Computer Inc statement.

http://www.cert.org/advisories/CA-2002-18.html

Regards

eddie
 

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,270
July 16, 2002: Updated FreeBSD vendor statement.
July 16, 2002: Updated Hewlett Packard vendor statement.
July 16, 2002: Updated Nortel Networks vendor statement.
July 16, 2002: Updated Compaq vendor statement.
July 17, 2002: Added F5 Networks vendor statement.
July 17, 2002: Added Slackware vendor statement.
July 17, 2002: Added Trustix vendor statement.
July 17, 2002: Added OpenPKG vendor statement.


http://www.cert.org/advisories/CA-2002-18.html

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top