gstudios
March 7th, 2002, 09:10 PM
The text below is from - http://www.pine.nl/advisories/pine-cert-20020301.txt
Pine Internet Security Advisory
- -----------------------------------------------------------------------------
Advisory ID : PINE-CERT-20020301
Authors : Joost Pol <joost@pine.nl>
Issue date : 2002-03-07
Application : OpenSSH
Version(s) : All versions between 2.0 and 3.0.2
Platforms : multiple
Vendor informed : 20020304
Availability : http://www.pine.nl/advisories/pine-cert-20020301.txt
- -----------------------------------------------------------------------------
Synopsis
A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
Users with an existing user account can abuse this bug to
gain root privileges. Exploitability without an existing
user account has not been proven but is not considered
impossible. A malicious ssh server could also use this bug
to exploit a connecting vulnerable client.
Impact
HIGH: Existing users will gain root privileges.
Description
Simple off by one error. Patch included.
Solution
The OpenSSH project will shortly release version 3.1.
Upgrading to this version is highly recommended.
This version will be made available at http://www.openssh.com
The FreeBSD port of OpenSSH has been updated to reflect the
patches as supplied in this document.
OpenSSH CVS has been updated, see
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \
channels.c.diff?r1=1.170&r2=1.171
Or apply the attached patch as provided by PINE Internet:
http://www.pine.nl/advisories/pine-cert-20020301.patch
With that being said, you can download OpenSSH 3.1here (http://www.openssh.com/portable.html) the security hole is fixed in this release.
Pine Internet Security Advisory
- -----------------------------------------------------------------------------
Advisory ID : PINE-CERT-20020301
Authors : Joost Pol <joost@pine.nl>
Issue date : 2002-03-07
Application : OpenSSH
Version(s) : All versions between 2.0 and 3.0.2
Platforms : multiple
Vendor informed : 20020304
Availability : http://www.pine.nl/advisories/pine-cert-20020301.txt
- -----------------------------------------------------------------------------
Synopsis
A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2
Users with an existing user account can abuse this bug to
gain root privileges. Exploitability without an existing
user account has not been proven but is not considered
impossible. A malicious ssh server could also use this bug
to exploit a connecting vulnerable client.
Impact
HIGH: Existing users will gain root privileges.
Description
Simple off by one error. Patch included.
Solution
The OpenSSH project will shortly release version 3.1.
Upgrading to this version is highly recommended.
This version will be made available at http://www.openssh.com
The FreeBSD port of OpenSSH has been updated to reflect the
patches as supplied in this document.
OpenSSH CVS has been updated, see
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ \
channels.c.diff?r1=1.170&r2=1.171
Or apply the attached patch as provided by PINE Internet:
http://www.pine.nl/advisories/pine-cert-20020301.patch
With that being said, you can download OpenSSH 3.1here (http://www.openssh.com/portable.html) the security hole is fixed in this release.