Author: JT Smith
Trustix: “A malicious local user can pass environment variables to the login process if the administrator enables the UseLogin option. This can be abused to bypass authentication and gain root access. Note that this option is not enabled by default on TSL.”
From: Trustix Secure Linux Advisor <tsl@trustix.com> To: tsl-announce@trustix.org Subject: TSLSA-2001-0030 - openssh Date: Thu, 20 Dec 2001 15:20:07 +0100 Cc: bugtraq@securityfocus.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0030 Package name: OpenSSH Severity: Local root exploit if UseLogin option enabled Date: 2001-12-19 Affected versions: TSL 1.01, 1.1, 1.2, 1.5 - -------------------------------------------------------------------------- Problem description: A malicious local user can pass environment variables to the login process if the administrator enables the UseLogin option. This can be abused to bypass authentication and gain root access. Note that this option is not enabled by default on TSL. Action: We recommend that all systems with this package installed are upgraded. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> Automatic updates: Users of the SWUP tool, can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/> and <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0030-openssh.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- 71f9d80630a4c08f54aacfc49e0cfec7 ./1.5/SRPMS/openssh-3.0.2p1-1tr.src.rpm 55096b921e28b5af55785b8ba5535dc3 ./1.5/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm 9b657aff2f8e0ac8fa5cbb46346bc72b ./1.5/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm 6bb5b4e99d2e413ad88bff4a4e551c8b ./1.5/RPMS/openssh-3.0.2p1-1tr.i586.rpm 71f9d80630a4c08f54aacfc49e0cfec7 ./1.2/SRPMS/openssh-3.0.2p1-1tr.src.rpm 16b64002dc47121a50eb744762db7f4b ./1.2/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm e0abacbfe2eb860e75b9408873338953 ./1.2/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm 459b0715a16d4043211b1e4ad46acddf ./1.2/RPMS/openssh-3.0.2p1-1tr.i586.rpm 71f9d80630a4c08f54aacfc49e0cfec7 ./1.1/SRPMS/openssh-3.0.2p1-1tr.src.rpm 8dc43857ecc5af0fc9459639a3b9d5c8 ./1.1/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm b611b85e0c30ecd5333ae30dd225d189 ./1.1/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm a40338ee7d06e2eb9d7c73e4787e7dd9 ./1.1/RPMS/openssh-3.0.2p1-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8Ic5zwRTcg4BxxS0RAqdzAJ4kgDeENg3rKItgELWGfaKtA3D0QgCfUn6M 6wmPHCmvdysGL4JYsN8vzaE= =M8lD -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@trustix.org http://www.trustix.org/mailman/listinfo.cgi/tsl-announce
Category:
- Linux
