December 20, 2001

Trustix: OpenSSH vulnerability

Author: JT Smith

Trustix: "A malicious local user can pass environment variables to the login process if the administrator enables the UseLogin option. This can be abused to bypass authentication and gain root access. Note that this option is not enabled by default on TSL."
From:	 Trustix Secure Linux Advisor <tsl@trustix.com>
To:	 tsl-announce@trustix.org
Subject: TSLSA-2001-0030 - openssh
Date:	 Thu, 20 Dec 2001 15:20:07 +0100
Cc:	 bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0030

Package name:      OpenSSH
Severity:          Local root exploit if UseLogin option enabled
Date:              2001-12-19
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  A malicious local user can pass environment variables to the login
  process if the administrator enables the UseLogin option.  This can
  be abused to bypass authentication and gain root access.
  Note that this option is not enabled by default on TSL.


Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool, can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
or directly at
  <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0030-openssh.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
71f9d80630a4c08f54aacfc49e0cfec7  ./1.5/SRPMS/openssh-3.0.2p1-1tr.src.rpm
55096b921e28b5af55785b8ba5535dc3  ./1.5/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
9b657aff2f8e0ac8fa5cbb46346bc72b  ./1.5/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
6bb5b4e99d2e413ad88bff4a4e551c8b  ./1.5/RPMS/openssh-3.0.2p1-1tr.i586.rpm
71f9d80630a4c08f54aacfc49e0cfec7  ./1.2/SRPMS/openssh-3.0.2p1-1tr.src.rpm
16b64002dc47121a50eb744762db7f4b  ./1.2/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
e0abacbfe2eb860e75b9408873338953  ./1.2/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
459b0715a16d4043211b1e4ad46acddf  ./1.2/RPMS/openssh-3.0.2p1-1tr.i586.rpm
71f9d80630a4c08f54aacfc49e0cfec7  ./1.1/SRPMS/openssh-3.0.2p1-1tr.src.rpm
8dc43857ecc5af0fc9459639a3b9d5c8  ./1.1/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
b611b85e0c30ecd5333ae30dd225d189  ./1.1/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
a40338ee7d06e2eb9d7c73e4787e7dd9  ./1.1/RPMS/openssh-3.0.2p1-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Ic5zwRTcg4BxxS0RAqdzAJ4kgDeENg3rKItgELWGfaKtA3D0QgCfUn6M
6wmPHCmvdysGL4JYsN8vzaE=
=M8lD
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce

Category:

  • Linux
Click Here!