SSH Tectia Server contains a race condition that may permit an authenticated user access to the private key of the server. Exploitation of this vulnerability may lead to the ability to compromise the trust relationships of the vulnerable server.
SSH Tectia Server versions 4.0.3 and 4.0.4 for Unix contain a race condition vulnerability when the password change plugin (ssh-passwd-plugin) is enabled. Note that the password change plugin is disabled by default. Versions 4.0.3 and 4.0.4 of SSH Tectia Server running on the following platforms are affected:
Exploitation of this vulnerability may lead to the ability of an authenticated user with shell access to gain access to the private key of the server, thus compromising the trust relationships of the vulnerable server.
Upgrading to 4.0.5. If a host has been running a vulnerable version of SSH Tectia, configured to use the password change plugin and the users have had shell access, SSH recommends that the hostkeys be regenerated after upgrading.
Disabling the AuthPassword.ChangePlugin configuration option will mitigate this vulnerability.
Thanks to SSH Communications for reporting this vulnerability.
This document was written by Jason A Rafail and is based on the information provided by SSH Communications.
|Date First Published:||2004-03-23|
|Date Last Updated:||2004-03-23 15:38 UTC|