OpenSSH Remote Vulnerability Roundup
by Berislav Kucan - updated on 3 July 2002 with: Compaq Security Bulletin, revised Mandrake Linux and SuSE Linux advisories, new EnGarde Secure Linux advisory and OpenSSH kbd-interactive Buffer Overflow
Neither S/Key nor BSDAUTH was enabled in previous RPMs released by SuSE (i.e. the OpenSSH 2.9.9p2 RPMs previously released on March 6, and the OpenSSH 3.0.2p1 RPMs released with SuSE Linux 8.0). Support for interactive keyboard mode is compiled in, and is off by default in recent RPMs. However, it can be enabled by the administrator.

This means that, in the default configuration, SuSE Linux users are not affected by this vulnerability.

We will release another set of RPMs that fix this vulnerability soon.



03.07.2002 - OpenSSH kbd-interactive Buffer Overflow
by Global InterSec Research
Advisory: http://www.net-security.org/vuln.php?id=1839

It is the current belief of many that exploiting the recently disclosed vulnerabilities in OpenSSH's challenge-response routines is reliant upon a system's use of BSD's authentication mechanisms and therefore restricts the platforms on which this vulnerability may be exploited.

This is almost certainly due to various advisories posted to various fora by unnamed security companies.

Although it is widely known that all systems running versions of OpenSSH prior to 3.4 are affected by this vulnerability, many vendors have deemed their platforms invulnerable to exploitation.

In spite of this, our research has proven multiple platforms originally thought to be invulnerable to attack to be vulnerable.



A few vendors have released security advisories that deal with this problem:

EnGarde Secure Linux Advisory - openssh introduce privilege separation into sshd
http://www.net-security.org/advisory.php?id=802

SuSE Security Announcement - openssh
http://www.net-security.org/advisory.php?id=803

SuSE Security Announcement - openssh (update)
http://www.net-security.org/advisory.php?id=833

Conectiva Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=804

Debian Security Advisory - ssh
http://www.net-security.org/advisory.php?id=805

Debian Security Advisory - ssh (update 1)
http://www.net-security.org/advisory.php?id=806

Debian Security Advisory - ssh (update 2)
http://www.net-security.org/advisory.php?id=807

Debian Security Advisory - ssh (update 3)
http://www.net-security.org/advisory.php?id=811

Mandrake Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=808

Mandrake Linux Security Advisory - openssh (update)
http://www.net-security.org/advisory.php?id=836

Conectiva Linux Security Advisory - openssh
http://www.net-security.org/advisory.php?id=813

Trustix Security Advisory - openssh
http://www.net-security.org/advisory.php?id=814

Caldera Security Advisory - OpenSSH Vulnerabilities in Challenge Response Handling
http://www.net-security.org/advisory.php?id=817

Red Hat Security Advisory - Updated OpenSSH packages fix various security issues
http://www.net-security.org/advisory.php?id=821

NetBSD Security Advisory - OpenSSH protocol version 2 challenge-response authentication vulnerability
http://www.net-security.org/advisory.php?id=823

CERT Advisory CA-2002-18 - OpenSSH Vulnerabilities in Challenge Response
