Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0753 -- RHSA-2005:550-01 Low: openssh security update 30 September 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openssh Publisher: Red Hat Operating System: Red Hat Enterprise Linux AS/ES/WS 3 Red Hat Desktop 3 UNIX variants Impact: Denial of Service Access: Remote/Unauthenticated CVE Names: CAN-2004-2069 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-550.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: openssh security update Advisory ID: RHSA-2005:550-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-550.html Issue date: 2005-09-28 Updated on: 2005-09-28 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-2069 - - --------------------------------------------------------------------- 1. Summary: Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core files necessary for both the OpenSSH client and server. A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. A malicious user could connect to the SSH daemon in such a way that it would prevent additional logins from occuring until the malicious connections are closed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-2069 to this issue. Additionally, the following issues are resolved with this update: - - - The -q option of the ssh client did not suppress the banner message sent by the server, which caused errors when used in scripts. - - - The sshd daemon failed to close the client connection if multiple X clients were forwarded over the connection and the client session exited. - - - The sftp client leaked memory if used for extended periods. - - - The sshd daemon called the PAM functions incorrectly if the user was unknown on the system. All users of openssh should upgrade to these updated packages, which contain backported patches and resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 129289 - [PATCH] SSH -q flag does not suppress banner text 151080 - sftp over a persistent connection (days/weeks) develops a memory leak. 156996 - CAN-2004-2069 openssh DoS issue 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm ppc: 3e29708efad159fa8cc254662b6ff505 openssh-3.6.1p2-33.30.6.ppc.rpm 5c6363576c83399dfa948aa45d8f185e openssh-askpass-3.6.1p2-33.30.6.ppc.rpm bea38750538bd370e65406b5b1eabf33 openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm fc65f08b4c2e6ede36e0f7762140aa5c openssh-clients-3.6.1p2-33.30.6.ppc.rpm ddb0d4bbf471f2c9a60ac8d928a1733e openssh-server-3.6.1p2-33.30.6.ppc.rpm s390: a09e96711d0f9e6527193eb3a3660ce1 openssh-3.6.1p2-33.30.6.s390.rpm 8fde7e1acc7593ba0048836f88c9548f openssh-askpass-3.6.1p2-33.30.6.s390.rpm 35e1caa39539fbdd1bd38f17ad66103d openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm c6f91623373358c892fcb36c7785d1c6 openssh-clients-3.6.1p2-33.30.6.s390.rpm d13ba0dee80f74ac42eb2594fb1582cd openssh-server-3.6.1p2-33.30.6.s390.rpm s390x: c953f6bebbffc2c5e888a4b59c4cee7a openssh-3.6.1p2-33.30.6.s390x.rpm 3938bf4cb26335f471f494fd455427a0 openssh-askpass-3.6.1p2-33.30.6.s390x.rpm 06561eab8bd1a67fec7747c9b4ace426 openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm 42df2d392e3741527b820edb6e7fe8c0 openssh-clients-3.6.1p2-33.30.6.s390x.rpm 2bc0b74d772c4fea91ba835b23e86fae openssh-server-3.6.1p2-33.30.6.s390x.rpm x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm i386: 52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm 4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm 4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm ia64: 26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm 2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm x86_64: 2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm 252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm 9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm 3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDOrmeXlSAg2UNWIIRAuF5AJ4lKY89ZylrKmOfz6MPg76isA4TBgCfTgWH e1YnMwvvi28iiE9DO9zfGKc= =dqOJ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQzycOyh9+71yA2DNAQK0HQP7BJc/BheFspowwItkKnfxTrxqDma9ZxTy WLqekbijnMFpNsjDrnlwFtxbOkg/+AdoNeY0e23vH6J8rRaYoD6Ke2hOSmYpOBKV UmBYviYRAw0ojYcp2Mht0z1WzcGXUUDZkZa5gxJBVx08mNJHgUzHu3exc2TV7Ojg YLfnGpwkRus= =aUk2 -----END PGP SIGNATURE-----