Date: Fri, 9 Feb 2001 23:38:59 -0500 (EST)
From: Jeffrey L. Vagle <jvagle@linuxppc.org>
To: linuxppc-security-announce@lists.linuxppc.org
Subject: LPPCSA-2001:004:1 - OpenSSH remote forwarding vulnerability



=========================================================================
LinuxPPC Security Advisory LPPCSA-2001:004:1                     20010209
http://linuxppc.org/security                        security@linuxppc.org
=========================================================================

Summary: OpenSSH unauthorized remote forwarding vulnerability
Date: 20010209
Affects: OpenSSH versions prior to 2.3.0
Updated Package: openssh-2.3.0p1-1


I. Background

OpenSSH is a FREE version of the SSH suite of network connectivity
tools that increasing numbers of people on the Internet are coming to
rely on. Many users of telnet, rlogin, ftp, and other such programs
might not realize that their password is transmitted across the
Internet unencrypted, but it is. OpenSSH encrypts all traffic
(including passwords) to effectively eliminate eavesdropping,
connection hijacking, and other network-level attacks. Additionally,
OpenSSH provides a myriad of secure tunnelling capabilities. The
OpenSSH suite includes the ssh program which replaces rlogin and
telnet, and scp which replaces rcp and ftp. Also included is sshd
which is the server side of the package, and the other basic utilities
like ssh-add, ssh-agent, and ssh-keygen. OpenSSH supports protocol
versions 1.3, 1.5, and 2.0.


II. Problem Description

The problem occurs in the OpenSSH Client. The client does not
sufficiently check for the ssh-agent and X11 forwarding options after
an SSH session has been negotiated. This allows the server end of the
SSH session to gain access to either of these two resources on the
client side.  This could result in a malicious server gaining access
to the X11 display and remotely watching the desktop and
keystrokes. This problem can also allow a malicious server access to
the local ssh-agent.
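
The missing check described above, as an added example: a simplified
model, not OpenSSH source code and not part of the original advisory. All
names (fwd_kind, client_opts, user_enabled, exposed) are hypothetical and
the request list is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout: a simplified model, not OpenSSH source. */
enum fwd_kind { FWD_AGENT = 1, FWD_X11 = 2 };

struct client_opts {
    bool forward_agent;   /* user enabled ssh-agent forwarding */
    bool forward_x11;     /* user enabled X11 forwarding */
};

/* Hardened decision: a server-initiated open is honoured only when the
 * user enabled that kind of forwarding; anything else is refused. */
static bool user_enabled(const struct client_opts *o, int kind)
{
    switch (kind) {
    case FWD_AGENT: return o->forward_agent;
    case FWD_X11:   return o->forward_x11;
    default:        return false;   /* unknown request: default deny */
    }
}

/* Returns a bitmask of the local resources the server ends up connected to.
 * enforce=false models the flaw: requests are accepted without consulting
 * the client's forwarding options. */
static unsigned exposed(const struct client_opts *o, const int *req, size_t n,
                        bool enforce)
{
    unsigned mask = 0;
    for (size_t i = 0; i < n; i++) {
        if (req[i] != FWD_AGENT && req[i] != FWD_X11)
            continue;               /* not a forwarding request */
        if (!enforce || user_enabled(o, req[i]))
            mask |= (unsigned)req[i];
    }
    return mask;
}

int main(void)
{
    /* Constructed scenario: only X11 enabled; the server asks for both. */
    const struct client_opts opts = { .forward_agent = false, .forward_x11 = true };
    const int reqs[] = { FWD_AGENT, FWD_X11 };
    printf("unchecked client exposes mask %u\n", exposed(&opts, reqs, 2, false));
    printf("checked client exposes mask   %u\n", exposed(&opts, reqs, 2, true));
    return 0;
}
```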


III. Solution

     A. URL:
http://linuxppc.org/security/advisories/LPPCSA-2001-004-1.php3

     B. Instructions

     To update your packages, use

        rpm -Uvh filename

     for each RPM.  To verify each RPM, use

        rpm --checksig filename

     LinuxPPC.org's GPG key may be found at

     http://linuxppc.org/security/advisories/linuxppc_pub_key.php3


** Sent via the linuxppc-security-announce mail list.