Vulnerability Note VU#921339
SSH Tectia Client and Server ssh-signer local privilege escalation
Overview
The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.
I. Description
The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:
AFFECTED PRODUCTS
* SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)
NOT AFFECTED PRODUCTS
* 4.x or older SSH Tectia client/server solution versions are NOT affected.
* Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
* Any version of SSH Tectia client/server solution for Windows is NOT affected.
II. Impact
A local user may be able to obtain root access.
III. Solution
Apply an update
This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.
Remove ssh-signer
This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.
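The following triage helper is an added example, not code from SSH Communications Security or CERT. It classifies a Linux/Unix host against the affected and fixed versions listed above and checks whether the ssh-signer binary is still in place. Assumptions: the function names are hypothetical, the caller supplies the installed version string, and 5.0 and 5.1 are treated as affected at every patch level.

```shell
#!/bin/sh
# Added example: triage helper for VU#921339 (not vendor or CERT code).
# Assumption: the caller supplies the installed Tectia version string.

SIGNER_DIR=/opt/tectia/libexec   # ssh-signer location given in the note

# 0 = version in the affected range, 1 = not affected, 2 = unparsable.
tectia_version_affected() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split MAJOR.MINOR.PATCH on dots
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 5 ] || return 1 # 4.x and older are not affected
    case "$minor" in
        0|1) return 0 ;;                       # 5.0 and 5.1 (assumed all)
        2) [ "$patch" -le 3 ] && return 0 ;;   # fixed in 5.2.4
        3) [ "$patch" -le 5 ] && return 0 ;;   # fixed in 5.3.6
    esac
    return 1
}

# 0 if the ssh-signer binary still exists in DIR (default: SIGNER_DIR).
ssh_signer_present() {
    [ -e "${1:-$SIGNER_DIR}/ssh-signer" ]
}

# Print one verdict for a Linux/Unix host: VERSION [LIBEXEC_DIR].
tectia_signer_status() {
    rc=0
    tectia_version_affected "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "unknown-version"
    elif [ "$rc" -eq 1 ]; then
        echo "not-affected"
    elif ssh_signer_present "$2"; then
        echo "vulnerable"
    else
        echo "mitigated"           # affected release, ssh-signer removed
    fi
}

# Stand-alone use: sh check.sh 5.3.5
if [ "$#" -gt 0 ]; then
    tectia_signer_status "$@"
fi
```

A "mitigated" verdict on a client host also means host-based authentication is disabled there, as noted above.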
Systems Affected
References
http://www.ssh.com/products/client-server/
http://xforce.iss.net/xforce/xfdb/39569
http://www.securitytracker.com/id?1019167
http://secunia.com/advisories/28247/
http://www.securityfocus.com/bid/27191
Credit
Thanks to Tuomas Siren for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| Date Public: | 2008-01-08 |
| Date First Published: | 2008-01-08 |
| Date Last Updated: | 2008-01-14 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2007-5616 |
| NVD-ID(s): | CVE-2007-5616 |
| US-CERT Technical Alerts: | |
| Metric: | 2.25 |
| Document Revision: | 5 |