Vulnerability Note VU#921339

SSH Tectia Client and Server ssh-signer local privilege escalation

Original Release date: 08 Jan 2008 | Last revised: 14 Jan 2008

Overview

The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.

Description

The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:

    AFFECTED PRODUCTS
    * SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)

    NOT AFFECTED PRODUCTS
    * 4.x or older SSH Tectia client/server solution versions are NOT affected.
    * Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
    * Any version of SSH Tectia client/server solution for Windows is NOT affected.

Impact

A local user may be able to obtain root access.

Solution

Apply an update

This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.

Remove ssh-signer

This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.
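
The affected-version ranges and the ssh-signer mitigation above can be checked per host with a small triage helper. This is an added example, not code from SSH Communications Security or CERT. It assumes the installed version string is supplied by the operator (this note does not say how to query it) and that releases after 5.2.4 and 5.3.6 within the same branch also carry the fix; the function names are hypothetical.

```sh
#!/bin/sh
# Added triage helper for VU#921339; not vendor or CERT code.

# Classify a Tectia Client/Server version (Linux/Unix builds) against this note.
# Prints: affected | fixed | not-affected | not-listed | invalid
tectia_version_status() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
        *.*) ;;                                # needs at least major.minor
        *) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split "5.2.3" into 5 2 3
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}
    if [ "$major" -lt 5 ]; then
        echo not-affected                      # 4.x or older
    elif [ "$major" -gt 5 ] || [ "$minor" -gt 3 ]; then
        echo not-listed                        # branch not covered by the note
    elif [ "$minor" -le 1 ]; then
        echo affected                          # all of 5.0 and 5.1
    elif [ "$minor" -eq 2 ] && [ "$patch" -le 3 ]; then
        echo affected                          # 5.2 up to 5.2.3
    elif [ "$minor" -eq 3 ] && [ "$patch" -le 5 ]; then
        echo affected                          # 5.3 up to 5.3.5
    else
        echo fixed                             # 5.2.4 / 5.3.6 (later: assumed)
    fi
}

# Report whether ssh-signer is still installed under a Tectia prefix.
# $1 defaults to /opt/tectia (path from this note); override for testing.
signer_status() {
    signer="${1:-/opt/tectia}/libexec/ssh-signer"
    if [ -e "$signer" ]; then echo present; else echo absent; fi
}

# Combine both checks. Prints: exposed | mitigated | <version status>
triage() {
    vs=$(tectia_version_status "$1")
    if [ "$vs" != affected ]; then
        echo "$vs"
    elif [ "$(signer_status "$2")" = present ]; then
        echo exposed        # upgrade to 5.2.4 / 5.3.6, or remove ssh-signer
    else
        echo mitigated      # binary removed; client host-based auth is disabled
    fi
}
```
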

Systems Affected

Vendor                            Status    Date Notified  Date Updated
SSH Communications Security Corp  Affected  -              08 Jan 2008

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

Thanks to Tuomas Siren for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2007-5616
  • Date Public: 08 Jan 2008
  • Date First Published: 08 Jan 2008
  • Date Last Updated: 14 Jan 2008
  • Severity Metric: 2.25
  • Document Revision: 5
