[24] in Security FYI

possible security hole in sshd program

daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Fri Dec 10 03:06:04 1999

From: mhpower@MIT.EDU
Date: Fri, 10 Dec 1999 03:06:01 -0500
Message-Id: <199912100806.DAA00037@the-oz.mit.edu>
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU

A potential security problem has recently been found in the sshd
(secure shell daemon) program -- the problem may provide a way for
intruders to break in to your computer remotely, as root. Details of
how to break in via this security hole don't appear to be publicly
available, and aren't known by the MIT Network Security team, but
there may be intruders who do have this break-in capability.

This issue primarily affects Unix systems (any type), but there is a
port of sshd that runs on some Windows systems including 98 and NT.

Below I've included a message announcing an update to the very popular
Linux ssh RPM files (those packaged by Jan Kasprzak). Some of you do not
use Linux and do not have any convenient way to unpack the source RPM
file that contains source code that will also work on non-Linux systems.
For those in that situation: to build a similar updated sshd for other
types of Unix systems, you can start with the standard ssh distribution:

  ftp://ftp.cs.hut.fi/pub/ssh/ssh-1.2.27.tar.gz

and the RSAREF distribution from

  ftp://ftp.ox.ac.uk/pub/crypto/misc/rsaref2.tar.gz

There are two security-related source-code patches that are contained
in the source RPM, and these are available in plain text format at:

  http://web.mit.edu/net-security/dist/ssh-patches/

(The source-code changes do not introduce any Linux-specific code.)

You would of course need to apply the source-code patches prior to
building sshd and the other ssh programs. (The build instructions are
contained in the file named INSTALL in the ssh distribution.)

Please note that if you are using a version of sshd that does not
incorporate the RSAREF library, these particular security patches are
not needed. Your version of sshd is not vulnerable to the security
problems that are addressed by these patches. An example of such a
version of sshd is the one provided as part of the Athena software.

Matt Power
Network Security team, MIT Information Systems



------- Forwarded Message

Date: Tue, 7 Dec 1999 11:51:07 +0100
From: Jan Kasprzak <kas@informatics.muni.cz>
To: redhat-crypto@zedz.net, redhat-announce-list@redhat.com
Subject: ssh-1.2.27-7 RPMs (security update)
Message-Id: <19991207115107.I618@informatics.muni.cz>
X-Mailing-List: <redhat-announce-list@redhat.com> archive/latest/173

	Hello,

	I have built the new RPMs of secure shell. The only fix
since the previous release is the buffer overrun fix in RSAref (rsa.c),
described in the Core-SDI advisory from December 1. Thanks to Oystein Viggen
for reporting this.

	RPMs are available in source form as well as the binaries for
i386 (glibc2.1 and 2.0), alpha and sparc (32-bit). All packages are
PGP-signed by my key <kas@fi.muni.cz> and are available at

	ftp://ftp.fi.muni.cz/pub/ssh/local-fi.muni.cz/linux/

and they will be available at ftp.zedz.net (used to be ftp.replay.com)
soon (currently the packages are uploaded in /pub/replay/incoming).

-Yenya

------- End of Forwarded Message
