Published:

22 September 2003


-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

   ESB-2003.0661 -- Two Debian Security Advisories DSA-383-1, DSA-383-2
                       OpenSSH buffer management fix
                             22 September 2003

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                ssh-krb5
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux
                        UNIX
Impact:                 Denial of Service
Access Required:        Remote
CVE Names:              CAN-2003-0693, CAN-2003-0695, CAN-2003-0682

Ref:                    AL-2003.16

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-383-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
September 17, 2003
- - ------------------------------------------------------------------------


Package        : ssh-krb5
Vulnerability  : buffer handling
Problem type   : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695

Several bugs have been found in OpenSSH's buffer handling. It is not
known if these bugs are exploitable, but as a precaution an upgrade is
advised.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-0woody3.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
      Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody3.diff.gz
      Size/MD5 checksum:   120256 101711fd74f01e6e670c334752cafe44
    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody3.dsc
      Size/MD5 checksum:      822 e39ebe0e44ae1998d5c47ddb45d6dbe8

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_alpha.deb
      Size/MD5 checksum:   888466 dd124b4ce632d30f00eed9409ea5b42a

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_arm.deb
      Size/MD5 checksum:   687666 9cc220113aadc19c647fb65f5f0d998b

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_hppa.deb
      Size/MD5 checksum:   789256 a5bbdfbea796a3e2d6b979622466ab63

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_i386.deb
      Size/MD5 checksum:   671568 faa1fa7949a7cce9388057a485d98dc5

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_ia64.deb
      Size/MD5 checksum:  1049956 51e568695ef150e6049e7b5b42d23891

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_mipsel.deb
      Size/MD5 checksum:   759494 0aeeb07fe815b8a0e36e5ded2763d1ab

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_powerpc.deb
      Size/MD5 checksum:   711472 cf3efec05458df632179302cd78032f0

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_s390.deb
      Size/MD5 checksum:   749046 93cc4a83d9b3afded11ccc1a6a62d127

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_sparc.deb
      Size/MD5 checksum:   694616 b56ebfa782eb8645e34058facd3e9ca5
- - -- 
- - ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/aICCPLiSUC+jvC0RAs8CAJ4ibM/vFpJQu+O6IHry1yx113uM+gCfSK/S
JfZ0Fqf8SmCaOQJe0MkHr2c=
=AtV1
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-383-2                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
September 21, 2003
- - ------------------------------------------------------------------------


Package        : ssh-krb5
Vulnerability  : buffer handling
Problem type   : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

This advisory is an addition to the earlier DSA-383-1 advisory: Solar
Designer found four more bugs in OpenSSH that may be exploitable.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-0woody4.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.dsc
      Size/MD5 checksum:     1357 d7f2f4b66a60aec2636aaa131a04ea86
    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
      Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
    http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.diff.gz
      Size/MD5 checksum:   120639 8c57caab816733519f2e764ff824ea2d

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_alpha.deb
      Size/MD5 checksum:   888572 addc35a6bc52711c42ae8a1e3cf86577

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_arm.deb
      Size/MD5 checksum:   687794 c1143d02c214f8cfe4bd60ef6b8aaac5

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_hppa.deb
      Size/MD5 checksum:   789374 2bdbe110e4df220c91c927b06116c8ea

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
      Size/MD5 checksum:   671778 a4fe8e3f4de7c6a8048ec123f637838f

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_ia64.deb
      Size/MD5 checksum:  1049908 c420b72bc0c9a5f6c6d9b658291b7dc5

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_m68k.deb
      Size/MD5 checksum:   640920 b1df32262d6fb5cd7a1eca52c66e412f

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mips.deb
      Size/MD5 checksum:   762850 211c9d9c0385314d49039ce8e651ea61

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_powerpc.deb
      Size/MD5 checksum:   711568 83acd76f1dd01ad7bba04f83e84e7b0e

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_s390.deb
      Size/MD5 checksum:   749104 e88e2b9601a057e9f45c6517b77701f7

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_sparc.deb
      Size/MD5 checksum:   694636 9cf84d70e306be2f4f94a86b8d41c857
- - -- 
- - ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/bfZrPLiSUC+jvC0RAjcUAKCDoLyZ7u5kzPDbKcyDR/Ic7XVKaQCgl9qQ
CBxj8Nr6AgjdI0pW0CoDM18=
=YvpS
- -----END PGP SIGNATURE-----


- --------------------------END INCLUDED TEXT--------------------
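The Upgrade Instructions in both advisories above tell you to fetch a .deb with wget and install it with dpkg -i, and each advisory publishes a Size/MD5 line for every file. The script below is an added example, not part of the AusCERT bulletin or of Debian's advisories: it reads the expected size and MD5 for a given URL out of a saved copy of the advisory, checks a downloaded file against them before installation, and confirms that the installed ssh-krb5 is at the DSA-383-2 level (1:3.4p1-0woody4), since -0woody3 from DSA-383-1 is superseded. It assumes a POSIX sh with awk and md5sum (or BSD md5); the advisory excerpt and the six-byte stand-in for a download inside self_check are constructed for illustration, and installed_is_fixed needs dpkg, so it is not exercised offline.

```shell
#!/bin/sh
# Added example, not part of the AusCERT bulletin or the Debian advisories.
# Assumes POSIX sh, awk and md5sum (or BSD md5). The advisory excerpt and
# the sample file used by self_check are constructed for illustration.

# lookup_checksum ADVISORY_FILE URL
# Prints "SIZE MD5" from the "Size/MD5 checksum:" line that follows URL in a
# saved copy of the advisory; prints nothing if URL is not listed.
lookup_checksum() {
    awk -v url="$2" '
        $1 == url { want = 1; next }
        want && $1 == "Size/MD5" { print $3, $4; exit }
    ' "$1"
}

# md5_of FILE: hex MD5 digest, portable across md5sum and BSD md5.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then md5sum "$1" | awk '{ print $1 }'
    else md5 -q "$1"; fi
}

# verify_pkg FILE SIZE MD5
# Returns 0 only when both the byte count and the MD5 of FILE match the
# values the advisory published; a truncated or altered download fails.
verify_pkg() {
    file=$1 want_size=$2 want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5_of "$file")
    if [ "$got_size" != "$want_size" ]; then
        echo "$file: size $got_size, advisory says $want_size" >&2
        return 1
    fi
    if [ "$got_md5" != "$want_md5" ]; then
        echo "$file: md5 $got_md5, advisory says $want_md5" >&2
        return 1
    fi
    return 0
}

# installed_is_fixed [PACKAGE] [FIXED_VERSION]
# Requires dpkg; returns 0 when the installed version is >= the fixed one.
installed_is_fixed() {
    pkg=${1:-ssh-krb5} fixed=${2:-1:3.4p1-0woody4}
    inst=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || return 1
    dpkg --compare-versions "$inst" ge "$fixed"
}

# self_check: exercises the offline functions on constructed data.
# Returns 0 when lookup and both verify outcomes behave as expected.
self_check() {
    adv=$(mktemp) deb=$(mktemp)
    # Constructed excerpt in the advisory's own layout (values from DSA-383-2).
    cat > "$adv" <<'EOF'
  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
      Size/MD5 checksum:   671778 a4fe8e3f4de7c6a8048ec123f637838f
EOF
    expect=$(lookup_checksum "$adv" \
        http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb)
    # Stand-in for a download: 6 bytes whose MD5 is known.
    printf 'hello\n' > "$deb"
    ok=0
    [ "$expect" = "671778 a4fe8e3f4de7c6a8048ec123f637838f" ] || ok=1
    verify_pkg "$deb" 6 b1946ac92492d2347c6235b4d2611184 2>/dev/null || ok=1
    # The same file checked against the real i386 .deb line must be rejected.
    if verify_pkg "$deb" 671778 a4fe8e3f4de7c6a8048ec123f637838f 2>/dev/null; then
        ok=1
    fi
    rm -f "$adv" "$deb"
    return $ok
}

# Run the offline self-check when executed directly.
self_check && echo "self-check passed"
```

In use: save the advisory to a file, verify its PGP signature first (gpg --verify on the saved text against the Debian security team's key), then for the .deb of your architecture run lookup_checksum with the advisory file and the URL, pass the two values it prints to verify_pkg, and only then dpkg -i; afterwards installed_is_fixed should return 0. The checksum guards against a corrupted or substituted download only to the extent that the advisory itself is authentic, which is why the signature check comes first. The sources.list line the advisories refer to is not reproduced in this bulletin; the security archive line for woody was `deb http://security.debian.org/ woody/updates main`, which is stated here from the Debian archive layout of the time rather than from the text above.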

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBP25JaCh9+71yA2DNAQGXOAQAhLY3Fb853kwvVIX583CFIB/qKCgAcEnX
GU4saTdK1GuVAm013EKAmAZPxyLhSPS+TJz/HmjXdzqMFaAf4jOcUbNof196hq5O
IJPXwnnrQT7F2WQUrQm4qPm7zcwnBZyuaD2tF1g0gN+kE+Mu5BrEQddcq2yIVss8
xwd8SJ01Lzw=
=ds5h
-----END PGP SIGNATURE-----