Date: Sat, 10 Jun 2000 14:11:56 -0300 From: Andreas HasenackTo: bugtraq@securityfocus.com, lwn@lwn.net, bos@sekure.org Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH ---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ---------------------------------------------------------------------- PACKAGE: openssh SUMMARY : "UseLogin" option allows remote execution of commands as root DATE : 2000-06-10 AFFECTED CONECTIVA VERSIONS : 5.0 ---------------------------------------------------------------------- DESCRIPTION Openssh's default installation doesn't have this problem. If the "UseLogin" option is used, then the ssh server won't drop its root privileges, instead relying on the login program to do so. But if the user specifies a command to be executed during the ssh session, the login program won't be used and the program will be run with full root privileges. SOLUTION Users with the "UseLogin" option set to "no" in /etc/ssh/sshd_config are not vulnerable. If, however, this option is needed, then openssh MUST be upgraded IMMEDIATELY. Updated packages for openssl are also provided to satisfy openssh's dependencies. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-askpass-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-askpass-gnome-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-clients-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-server-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssl-0.9.5a-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssl-devel-0.9.5a-1cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGE ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/openssh-2.1.1p1-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/openssl-0.9.5a-1cl.src.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br