[ale] OpenSSH root vulnerability

Glenn C. Lasher Jr. glasher at nycap.rr.com
Sun Mar 10 11:24:48 EST 2002 


Thanks for posting this.  I saw it on /. also, but I didn't think to act
on it when I saw it.  I have now upgraded all of my machines to 3.1.

Thanks again.

On Thu, 7 Mar 2002, Transam wrote:

> Recent versions of OpenSSH -- including the newest -- have a just reported
> vulnerability that allow local users to make themselves root.  If one uses
> OpenSSH to connect into a malevolent or compromised SSH server then root
> access to the client system can be gained as well.  The possibility of
> a remote root vulnerability on any OpenSSH server system has not been
> ruled out.
>
> If you are not sure what version of SSH you are using and you are running
> on the server side, just do
>
>      telnet yourself.com 22
>
> If you see
>
>      SSH-1.99-OpenSSH_2.9p2
>
> or anything similar that includes "OpenSSH" then you are in danger.
>
> On the client side you can do
>
>      ssh -V
>
> Either of these techniques also are supported for the non-Open version too.
>
> Consider using /etc/hosts.allow or IP Chains or IP Tables to limit
> access to your SSH server  to trusted systems or simply turn off the
> server if not needed.  Frankly, the Open version of SSH has suffered
> a lot of serious security vulnerabilities in the past 18 months or so
> and I must recommend against it in favor of the commercial version at
> http://www.ssh.com.  Note that this latter version is free on Linux and
> they were the people who created SSH.  They also have a nifty GUI-based
> Windows and Mac client that I am told is rather nice and only USD 99.
>
> This problem has been patched in OpenSSH 3.1, which has been released
> today (March 7, 2002).  It appears that neither Red Hat nor Slackware
> have yet integrated this patch into their trees.
>
>
> * Flaw weakens Linux security software
> March 1st, 2002
>
> Programmers have found a vulnerability in Linux that could allow
> protective firewall software to grant malicious computer users access to
> protected networks. The flaw, which affects versions 2.4.14 through
> 2.4.18-pre9 of the Linux kernel, is in a component of the Netfilter
> firewall software.
>
> http://www.linuxsecurity.com/articles/firewalls_article-4527.html
>
>
> A Datamation Magazine survey of IT execs & SysAdmins picks the best
> software and hardware.  This mag is not specific to any platform or
> hardware.  The best product of 2001 was RH 7.2 as a Desktop.  No
> Microsoft product even made the list.  Point this out to your higher
> ups and associates:
>
> http://Security.ITtoolbox.com/browse.asp?c=SecurityNews&r=/news/dispnews.asp?i=65198
>
>
> Bob Toxen
> transam at cavu.com                       [Bob's ALE Bulk email]
> bob at cavu.com                           [Please use for email to me]
> http://www.cavu.com                    [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> http://www.cavu.com/sunset.html        [Sunset Computer]
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>

glasher at nycap.rr.com
You've been programmed by the Illuminati not to see the word "".


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list