OpenSSH Remote Vulnerability Roundup
by Berislav Kucan - updated on 3 July 2002 with: Compaq Security Bulletin, revised Mandrake Linux and SuSE Linux advisories, new EnGarde Secure Linux advisory and OpenSSH kbd-interactive Buffer Overflow
Neither S/Key or BSDAUTH were enabled in previous RPMs released by SuSE (i.e. the OpenSSH 2.9.9p2 RPMs previously released on March 6, and the OpenSSH 3.0.2p1 RPMs released with SuSE Linux 8.0). Support for interactive keyboard mode is compiled in, and is off by default in recent RPMs. However, it can be enabled by the administrator.

Which means that, in the default configuration, SuSE Linux users are not affected by this vulnerability.

We will release another set of RPMs that fix this vulnerability soon.

03.07.2002 - OpenSSH kbd-interactive Buffer Overflow
by Global InterSec Research

It is the current belief of many that exploiting the recently disclosed vulnerabilities in OpenSSH's challenge-response routines is reliant upon a system's use of BSD's authentication mechanisms and therefore restricts the platforms on which this vulnerability may be exploited.

This is almost certainly due to various advisories posted to various fora by unnamed security companies.

Although it is widely known that all systems running versions of OpenSSH prior to 3.4 are affected by this vulnerability, many vendors have deemed their platforms invulnerable to exploitation.

In spite of this, our research has proven multiple platforms originally thought to be invulnerable to attack to be vulnerable.

Few vendors released security advisories that deal with this problem:

EnGarde Secure Linux Advisory - openssh introduce privilege separation into sshd

SuSE Security Announcement - openssh

SuSE Security Announcement - openssh (update)

Conectiva Linux Security Advisory - openssh

Debian Security Advisory - ssh

Debian Security Advisory - ssh (update 1)

Debian Security Advisory - ssh (update 2)

Debian Security Advisory - ssh (update 3)

Mandrake Linux Security Advisory - openssh

Mandrake Linux Security Advisory - openssh (update)

Conectiva Linux Security Advisory - openssh

Trustix Security Advisory - openssh

Caldera Security Advisory - OpenSSH Vulnerabilities in Challenge Response Handling

Red Hat Security Advisory - Updated OpenSSH packages fix various security issues

NetBSD Security Advisory - OpenSSH protocol version 2 challenge-response authentication vulnerability

CERT Advisory CA-2002-18 - OpenSSH Vulnerabilities in Challenge Response


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th