
[Full-disclosure] SCOSA-2006.11 OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities



-- 
Dr. Ronald Joe Record
Chief Security Officer
SCO
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities
Advisory number:        SCOSA-2006.11
Issue date:             2006 March 15
Cross reference:        fz529677 fz529833 fz532920 fz532977
                        CVE-2004-0175 CVE-2005-2666 CVE-2005-2797
______________________________________________________________________________


1. Problem Description

        A vulnerability has been reported in the OpenSSH scp
        utilities.  This issue may permit a malicious scp server
        to corrupt files on a client system when files are copied.
        
        SSH, as implemented in OpenSSH before 4.0 and possibly other
        implementations, stores hostnames, IP addresses, and keys in
        plaintext in the known_hosts file, which makes it easier for
        an attacker that has compromised an SSH user's account to
        generate a list of additional targets that are more likely
        to have the same password or key.
        
        OpenSSH 4.0, and other versions before 4.2, does not properly
        handle dynamic port forwarding ("-D" option) when a listen
        address is not provided, which may cause OpenSSH to enable
        the GatewayPorts functionality.
        
        Only the first 8 characters of a password are significant
        in OpenSSH on SCO OpenServer 5.

        The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the names CVE-2004-0175,
        CVE-2005-2666, and CVE-2005-2797 to these issues.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        OpenServer 5.0.6        OpenSSH utilities and libraries
        OpenServer 5.0.7        OpenSSH utilities and libraries


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.6

        4.1 Location of Fixed Binaries

        
        ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar


        4.2 Verification

        MD5 (openssh42p1_vol.tar) = cb92de31f9a0b8dbd3dfd82b19bc1d57

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        See:
        
        ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh-4.2p1.txt


5. OpenServer 5.0.7

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar


        5.2 Verification

        MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
        and Installation Notes:

        ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
                http://www.securityfocus.com/bid/9986 
                http://nms.csail.mit.edu/projects/ssh/ 
                http://www.eweek.com/article2/0,1759,1815795,00.asp 
                http://secunia.com/advisories/16686

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents fz529677 fz529833 fz532920
        fz532977.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)

iD8DBQFEGE2eaqoBO7ipriERAth5AJ9dtCzhv+ySjWmLAnpyzKxxyFeqpgCeNjfn
I8/86fBWJWJYKMPkUMSNOXQ=
=xy6d
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
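
Added example, not part of the SCO advisory: for the plaintext known_hosts issue in section 1 (CVE-2005-2666), this sketch audits known_hosts content for entries that still expose host names or addresses, and shows how a hashed entry (`|1|salt|hash`, HMAC-SHA1 keyed by the salt, as written by OpenSSH 4.0 and later) is checked against a candidate host. The sample file, host names, salt and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def _hashed(host, salt=b"constructed-salt-20b"):
    # Build a hashed host field for the constructed sample below.
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample known_hosts content; hosts and key blobs are placeholders.
SAMPLE = "\n".join([
    "# constructed sample",
    "build01.example.com,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDER",
    "[gw.example.com]:2222 ssh-rsa AAAAB3PLACEHOLDER",
    "@cert-authority *.example.com ssh-rsa AAAAB3PLACEHOLDER",
    _hashed("db01.example.com") + " ssh-rsa AAAAB3PLACEHOLDER",
])

def audit_known_hosts(text):
    """Return (plaintext_names, hashed_count) for known_hosts content."""
    plaintext, hashed = [], 0
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):     # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 2:
            continue                      # malformed: no key type after the hosts
        for name in fields[0].split(","):
            if name.startswith("|1|"):
                hashed += 1
            else:
                plaintext.append(name)    # readable by anyone who obtains the file
    return plaintext, hashed

def hashed_entry_matches(entry, host):
    """True if a |1|salt|hash host field was derived from `host`."""
    _, magic, salt_b64, mac_b64 = entry.split("|")
    salt = base64.b64decode(salt_b64)
    expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return magic == "1" and hmac.compare_digest(expected, base64.b64decode(mac_b64))

if __name__ == "__main__":
    names, hashed_count = audit_known_hosts(SAMPLE)
    print("plaintext entries:", names)
    print("hashed entries:", hashed_count)
```

Entries reported as plaintext can be converted in place with `ssh-keygen -H`, and `HashKnownHosts yes` in ssh_config makes the client hash new entries as they are added.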