OpenSSH Remote Vulnerability Roundup
by Berislav Kucan - updated on 3 July 2002 with: Compaq Security Bulletin, revised Mandrake Linux and SuSE Linux advisories, new EnGarde Secure Linux advisory and OpenSSH kbd-interactive Buffer Overflow
Neither S/Key nor BSDAUTH were enabled in previous RPMs released by SuSE (i.e. the OpenSSH 2.9.9p2 RPMs previously released on March 6, and the OpenSSH 3.0.2p1 RPMs released with SuSE Linux 8.0). Support for interactive keyboard mode is compiled in, and is off by default in recent RPMs. However, it can be enabled by the administrator.

Which means that, in the default configuration, SuSE Linux users are not affected by this vulnerability.

We will release another set of RPMs that fix this vulnerability soon.



03.07.2002 - OpenSSH kbd-interactive Buffer Overflow
by Global InterSec Research
Advisory: http://www.net-security.org/vuln.php?id=1839

It is the current belief of many that exploiting the recently disclosed vulnerabilities in OpenSSH's challenge-response routines is reliant upon a system's use of BSD's authentication mechanisms and therefore restricts the platforms on which this vulnerability may be exploited.

This is almost certainly due to various advisories posted to various fora by unnamed security companies.

Although it is widely known that all systems running versions of OpenSSH prior to 3.4 are affected by this vulnerability, many vendors have deemed their platforms invulnerable to exploitation.

In spite of this, our research has proven multiple platforms originally thought to be invulnerable to attack to be vulnerable.



A few vendors released security advisories that deal with this problem:

EnGarde Secure Linux Advisory - openssh introduce privilege separation into sshd
http://www.net-security.org/advisory.php?id=802

SuSE Security Announcement - openssh
http://www.net-security.org/advisory.php?id=803

SuSE Security Announcement - openssh (update)
http://www.net-security.org/advisory.php?id=833

Conectiva Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=804

Debian Security Advisory - ssh
http://www.net-security.org/advisory.php?id=805

Debian Security Advisory - ssh (update 1)
http://www.net-security.org/advisory.php?id=806

Debian Security Advisory - ssh (update 2)
http://www.net-security.org/advisory.php?id=807

Debian Security Advisory - ssh (update 3)
http://www.net-security.org/advisory.php?id=811

Mandrake Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=808

Mandrake Linux Security Advisory - openssh (update)
http://www.net-security.org/advisory.php?id=836

Conectiva Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=813

Trustix Security Advisory - openssh
http://www.net-security.org/advisory.php?id=814

Caldera Security Advisory - OpenSSH Vulnerabilities in Challenge Response Handling
http://www.net-security.org/advisory.php?id=817

Red Hat Security Advisory - Updated OpenSSH packages fix various security issues
http://www.net-security.org/advisory.php?id=821

NetBSD Security Advisory - OpenSSH protocol version 2 challenge-response authentication vulnerability
http://www.net-security.org/advisory.php?id=823

CERT Advisory CA-2002-18 - OpenSSH Vulnerabilities in Challenge Response
