===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2006.0169 -- [RedHat]
Low: openssh security update
8 March 2006
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              openssh
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux AS/ES/WS 4
                      Red Hat Enterprise Linux Desktop 4
Impact:               Execute Arbitrary Code/Commands
Access:               Existing Account
CVE Names:            CVE-2006-0225

Ref:                  ESB-2006.0094

Original Bulletin:
  https://rhn.redhat.com/errata/RHSA-2006-0044.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openssh security update
Advisory ID:       RHSA-2006:0044-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0044.html
Issue date:        2006-03-07
Updated on:        2006-03-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0225
---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix bugs in sshd and add auditing of user
logins are now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.
An arbitrary command execution flaw was discovered in the way scp copies
files locally. A local attacker could create a file with a carefully
crafted name; when a user ran scp to copy that file locally, the name was
subject to shell expansion a second time and arbitrary commands could be
executed with the privileges of the user running scp. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2006-0225 to this issue.

The following issue has also been fixed in this update:

* If the sshd service was stopped using the sshd init script while the
  main sshd daemon was not running, the init script would kill other sshd
  processes, such as the running sessions. For example, this could happen
  when the 'service sshd stop' command was issued twice.

Additionally, this update implements auditing of user logins through the
system audit service.

All users of openssh should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the
Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170466 - CVE-2006-0225 local to local copy uses shell expansion twice
170468 - init script kills all running sshd's if listening server is stopped
170568 - add audit message to sshd
6. RPMs required:

[The per-release, per-architecture list of updated packages (openssh,
openssh-askpass, openssh-askpass-gnome, openssh-clients and openssh-server
at build 3.9p1-8.RHEL4.12 for AS, Desktop, ES and WS version 4) together
with their MD5 checksums is omitted here; retrieve it from the Advisory
URL above.]
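As an added audit example (not part of the Red Hat advisory or of OpenSSH), the Python below decides whether the openssh packages on a RHEL 4 host are at or past the fixed build 3.9p1-8.RHEL4.12 by comparing version and release strings with rpm's segment ordering rules; the `rpm -q` output it parses is a constructed sample, and package epochs are assumed equal.

```python
"""Audit helper: flag openssh RPMs that predate the fix in RHSA-2006:0044
(CVE-2006-0225).  Version/release strings are compared the way rpm does:
split into digit and alpha runs, compare segment by segment."""
import re

# Fixed version and release named in the advisory's package list.
FIXED_VR = ("3.9p1", "8.RHEL4.12")
SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 for a <, ==, > b under rpm's rules: numeric segments
    compare as integers, a numeric segment is newer than an alpha segment,
    alpha segments compare lexically, and when all shared segments tie the
    string with more segments left is newer.  Epoch and '~' are not handled
    (assumption: equal epochs on both sides)."""
    sa, sb = SEG.findall(a), SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(version, release, fixed=FIXED_VR):
    """True when version-release is at or past the fixed build."""
    c = rpmvercmp(version, fixed[0])
    if c != 0:
        return c > 0
    return rpmvercmp(release, fixed[1]) >= 0


def audit(rpm_q_output):
    """Parse lines shaped like the output of
    rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\\n' 'openssh*'
    and map each openssh package name to whether it carries the fix."""
    result = {}
    for line in rpm_q_output.strip().splitlines():
        name, version, release = line.split()
        if name.startswith("openssh"):
            result[name] = is_patched(version, release)
    return result


# Constructed sample: server still on an older build, clients already fixed.
SAMPLE = """openssh 3.9p1 8.RHEL4.9
openssh-server 3.9p1 8.RHEL4.9
openssh-clients 3.9p1 8.RHEL4.12
"""

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(f"{pkg}: {'fixed' if ok else 'needs RHSA-2006:0044'}")
```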
These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================