[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] openssh pubkey bug

To: linux-security
Subject: [linux-security] openssh pubkey bug
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 19 Oct 2001 12:48:37 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
access restrictions can be bypassed in openssh.

Problem Description
===================
In some circumstances, the sshd server may not honor the "from=" option
that can be associated with a key in a user's ~/.ssh/authorized_keys2
file if multiple keys are listed.  This could allow key-based logins
from hosts which should not be allowed access.

Affected Versions
=================
OpenSSH versions 2.5.x <= version < 2.9.9
if using 'from=' key file option in combination with
both RSA and DSA keys in ~/.ssh/authorized_keys2.

Solution
========
Upgrade to version openssh-2.9.9

RedHat 6.x
----------
RedHat 6.x did not come with openssh. If you installed rpms provided at
the openssh web site (www.openssh.com) or on sphinx in SFU's contrib directory
for RedHat 6.2 (/vol/vol1/distrib/redhat/6.2/contrib), then your are
almost certainly affected by this bug. New rpms have been provided on
sphinx (these are rpms compiled for RH 6.2 that are equivalent to the
RH 7.1 rpms (see below) that contain the patch). I would appreciate 
if you would send me an email if you have problems with these rpms.
Assuming that you have mounted the sphinx distribution at /mnt/redhat, e.g.,

mount -t nfs sphinx.sfu.ca:/vol/vol1/distrib/redhat/6.2 /mnt/redhat

you can install those rpms in the following way:

cd /mnt/redhat/contrib
rpm -Fvh openssh-2.9p2-8.6.x.i386.rpm \
         openssh-clients-2.9p2-8.6.x.i386.rpm \
         openssh-server-2.9p2-8.6.x.i386.rpm \
         openssh-askpass-2.9p2-8.6.x.i386.rpm \
         openssh-askpass-gnome-2.9p2-8.6.x.i386.rpm

RedHat 7.x
----------
rpm -Fvh openssh-2.9p2-8.7.i386.rpm \
         openssh-clients-2.9p2-8.7.i386.rpm \
         openssh-server-2.9p2-8.7.i386.rpm \
         openssh-askpass-2.9p2-8.7.i386.rpm \
         openssh-askpass-gnome-2.9p2-8.7.i386.rpm

Mandrake 7.1
------------
rpm -Fvh openssh-2.9.9p2-2.4mdk.i586.rpm \
         openssh-clients-2.9.9p2-2.4mdk.i586.rpm \
         openssh-server-2.9.9p2-2.4mdk.i586.rpm \
         openssh-askpass-2.9.9p2-2.4mdk.i586.rpm \
         openssh-askpass-gnome-2.9.9p2-2.4mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh openssh-2.9.9p2-2.3mdk.i586.rpm \
         openssh-clients-2.9.9p2-2.3mdk.i586.rpm \
         openssh-server-2.9.9p2-2.3mdk.i586.rpm \
         openssh-askpass-2.9.9p2-2.3mdk.i586.rpm \
         openssh-askpass-gnome-2.9.9p2-2.3mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh openssh-2.9.9p2-2.2mdk.i586.rpm \
         openssh-clients-2.9.9p2-2.2mdk.i586.rpm \
         openssh-server-2.9.9p2-2.2mdk.i586.rpm \
         openssh-askpass-2.9.9p2-2.2mdk.i586.rpm \
         openssh-askpass-gnome-2.9.9p2-2.2mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh openssh-2.9.9p2-2.1mdk.i586.rpm \
         openssh-clients-2.9.9p2-2.1mdk.i586.rpm \
         openssh-server-2.9.9p2-2.1mdk.i586.rpm \
         openssh-askpass-2.9.9p2-2.1mdk.i586.rpm \
         openssh-askpass-gnome-2.9.9p2-2.1mdk.i586.rpm

Follow-Ups:
- Re: [linux-security] openssh pubkey bug
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] updated version of check-rpms
Next by Date: Re: [linux-security] openssh pubkey bug
Prev by thread: Re: [linux-security] another local root exploit in the Linux kernel
Next by thread: Re: [linux-security] openssh pubkey bug
Index(es):
- Date
- Thread