3Com Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Alcatel Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AppGate Network Security AB Affected

Updated:  October 01, 2003

Status

Affected

Vendor Statement

AppGate versions from 4.0 up to and including 5.3.1 do include the vulnerable code. Patches are available from the appgate support pages at http://www.appgate.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer, Inc. Affected

Notified:  September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Apple: Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X versions prior to 10.2.8, the vulnerability is limited to a denial of service from the possibility of causing sshd to crash. Each login session has its own sshd, so established connections are preserved up to the point where system resources are exhausted by an attack.

To deliver the update in a rapid and reliable manner, only the patches for CVE IDs listed above were applied, and not the entire set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:

    OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f

Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:

    Mac OS X Client (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120244
    Mac OS X Client (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120245
    Mac OS X Server (updating from 10.2 - 10.2.5): http://www.info.apple.com/kbnum/n120246
    Mac OS X Server (updating from 10.2.6 - 10.2.7): http://www.info.apple.com/kbnum/n120247

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Berkeley Software Design, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Bitvise Not Affected

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

Our software shares no codebase with the OpenSSH implementation, therefore we believe that, in our products, this problem does not exist.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems, Inc. Affected

Notified:  September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

Cisco has some products which are vulnerable to this issue. Cisco's response is now published at http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Affected

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Affected

Vendor Statement

Cray Inc. supports OpenSSH through its Cray Open Software (COS) package. Cray is vulnerable to this buffer management error and is in the process of compiling OpenSSH 3.7. The new version will be made available in the next COS release.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cyclades Corporation Affected

Updated:  September 22, 2003

Status

Affected

Vendor Statement

Cyclades Corporation Position:

Our Cyclades-TS and AlterPath ACS families have been updated against this vulnerability. Please go to Cyclades download page at:

    http://www.cyclades.com/support/downloads.php

All other Cyclades products are not affected by this advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Linux Affected

Notified:  September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

Debian has issued DSA 382 and DSA 383 for these issues.

    http://www.debian.org/security/2003/dsa-382
    http://www.debian.org/security/2003/dsa-383

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

D-Link Systems Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

EMC Corporation Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Extreme Networks Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FiSSH Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Foundry Networks Inc. Affected

Notified:  September 16, 2003 Updated: October 15, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see .

FreeBSD, Inc. Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FreeBSD-SA-03:12 Security Advisory
FreeBSD, Inc.

Topic:          OpenSSH buffer management error
Category:       core, ports
Module:         openssh, ports_openssh, openssh-portable
Announced:      2003-09-16
Credits:        The OpenSSH Project
Affects:        All FreeBSD releases after 4.0-RELEASE
                FreeBSD 4-STABLE prior to the correction date
                openssh port prior to openssh-3.6.1_3
                openssh-portable port prior to openssh-portable-3.6.1p2_3
Corrected:      2003-09-17 16:24:02 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-17 14:46:58 UTC (RELENG_5_1, 5.1-RELEASE-p4)
                2003-09-17 14:50:14 UTC (RELENG_5_0, 5.0-RELEASE-p13)
                2003-09-17 14:51:09 UTC (RELENG_4_8, 4.8-RELEASE-p6)
                2003-09-17 14:51:37 UTC (RELENG_4_7, 4.7-RELEASE-p16)
                2003-09-17 14:52:08 UTC (RELENG_4_6, 4.6-RELEASE-p19)
                2003-09-17 14:52:42 UTC (RELENG_4_5, 4.5-RELEASE-p31)
                2003-09-17 14:57:32 UTC (RELENG_4_4, 4.4-RELEASE-p41)
                2003-09-17 14:58:56 UTC (RELENG_4_3, 4.3-RELEASE-p37)
                2003-09-17 16:07:48 UTC (ports/security/openssh)
                2003-09-17 16:07:48 UTC (ports/security/openssh-portable)
CVE:            CAN-2003-0693, CAN-2003-0695, CAN-2003-0682
FreeBSD only:   NO

0. Revision History

v1.0  2003-09-16  Initial release
v1.1  2003-09-17  Typo in instructions for restarting sshd
                  Additional buffer management errors corrected

I. Background

OpenSSH is a free version of the SSH protocol suite of network connectivity tools. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. `ssh' is the client application, while `sshd' is the server.

II. Problem Description

Several operations within OpenSSH require dynamic memory allocation or reallocation. Examples are: the receipt of a packet larger than available space in a currently allocated buffer; creation of additional channels beyond the currently allocated maximum; and allocation of new sockets beyond the currently allocated maximum. Many of these operations can fail either due to `out of memory' or due to explicit checks for ridiculously sized requests. However, the failure occurs after the allocation size has already been updated, so that the bookkeeping data structures are in an inconsistent state (the recorded size is larger than the actual allocation). Furthermore, the detection of these failures causes OpenSSH to invoke several `fatal_cleanup' handlers, some of which may then attempt to use these inconsistent data structures. For example, a handler may zero and free a buffer in this state, and as a result memory outside of the allocated area will be overwritten with NUL bytes.

III. Impact

A remote attacker can cause OpenSSH to crash. The bug is not believed to be exploitable for code execution on FreeBSD.

IV. Workaround

Do one of the following:

1) Disable the base system sshd by executing the following command as root:

    # kill `cat /var/run/sshd.pid`

Be sure that sshd is not restarted when the system is restarted by adding the following line to the end of /etc/rc.conf:

    sshd_enable="NO"

AND

Deinstall the openssh or openssh-portable ports if you have one of them installed.

V. Solution

Do one of the following:

[For OpenSSH included in the base system]

1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or 4.7-RELEASE-p15, respectively).

2) FreeBSD systems prior to the correction date:

The following patches have been verified to apply to FreeBSD 4.x and FreeBSD 5.x systems prior to the correction date. Download the appropriate patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.

[FreeBSD 4.3 and 4.4]

    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch
    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch.asc

[FreeBSD 4.5]

    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch
    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc

[FreeBSD 4.6 and later, FreeBSD 5.0 and later]

    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch
    # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc

Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/sshd.patch
    # cd /usr/src/secure/lib/libssh
    # make depend && make all install
    # cd /usr/src/secure/usr.sbin/sshd
    # make depend && make all install
    # cd /usr/src/secure/usr.bin/ssh
    # make depend && make all install

Be sure to restart `sshd' after updating.

    # kill `cat /var/run/sshd.pid`
    # /usr/sbin/sshd

[For the OpenSSH ports]

One of the following:

1) Upgrade your entire ports collection and rebuild the OpenSSH port.

2) Deinstall the old package and install a new package obtained from the following directory:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/

[other platforms]
Packages are not automatically generated for other platforms at this time due to lack of build resources.

3) Download a new port skeleton for the openssh or openssh-portable port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

Be sure to restart `sshd' after updating.

    # kill `cat /var/run/sshd.pid`
    # test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start

VI. Correction details

The following list contains the revision numbers of each file that was corrected in the FreeBSD base system and ports collection.

Branch                                                    Revision
  Path

[Base system]

RELENG_4
  src/crypto/openssh/buffer.c                             1.1.1.1.2.7
  src/crypto/openssh/channels.c                           1.1.1.1.2.10
  src/crypto/openssh/deattack.c                           1.1.1.1.2.5
  src/crypto/openssh/misc.c                               1.1.1.1.2.3
  src/crypto/openssh/session.c                            1.4.2.18
  src/crypto/openssh/ssh-agent.c                          1.2.2.11
  src/crypto/openssh/version.h                            1.1.1.1.2.12
RELENG_5_1
  src/UPDATING                                            1.251.2.5
  src/crypto/openssh/buffer.c                             1.1.1.6.4.2
  src/crypto/openssh/channels.c                           1.15.2.1
  src/crypto/openssh/deattack.c                           1.1.1.5.4.1
  src/crypto/openssh/misc.c                               1.1.1.4.2.1
  src/crypto/openssh/session.c                            1.40.2.1
  src/crypto/openssh/ssh-agent.c                          1.18.2.1
  src/crypto/openssh/version.h                            1.20.2.2
  src/sys/conf/newvers.sh                                 1.50.2.6
RELENG_5_0
  src/UPDATING                                            1.229.2.19
  src/crypto/openssh/buffer.c                             1.1.1.6.2.2
  src/crypto/openssh/channels.c                           1.13.2.1
  src/crypto/openssh/deattack.c                           1.1.1.5.2.1
  src/crypto/openssh/misc.c                               1.1.1.3.2.1
  src/crypto/openssh/session.c                            1.38.2.1
  src/crypto/openssh/ssh-agent.c                          1.16.2.1
  src/crypto/openssh/version.h                            1.18.2.2
  src/sys/conf/newvers.sh                                 1.48.2.14
RELENG_4_8
  src/UPDATING                                            1.73.2.80.2.8
  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.4.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.8.2.1
  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.4.1
  src/crypto/openssh/misc.c                               1.1.1.1.2.2.4.1
  src/crypto/openssh/session.c                            1.4.2.17.2.1
  src/crypto/openssh/ssh-agent.c                          1.2.2.10.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.10.2.2
  src/sys/conf/newvers.sh                                 1.44.2.29.2.7
RELENG_4_7
  src/UPDATING                                            1.73.2.74.2.19
  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.7.2.1
  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.2.1
  src/crypto/openssh/misc.c                               1.1.1.1.2.2.2.1
  src/crypto/openssh/session.c                            1.4.2.16.2.1
  src/crypto/openssh/ssh-agent.c                          1.2.2.8.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.9.2.2
  src/sys/conf/newvers.sh                                 1.44.2.26.2.18
RELENG_4_6
  src/UPDATING                                            1.73.2.68.2.47
  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.4.3
  src/crypto/openssh/channels.c                           1.1.1.1.2.6.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.4.2
  src/crypto/openssh/misc.c                               1.1.1.1.2.1.4.2
  src/crypto/openssh/session.c                            1.4.2.12.2.2
  src/crypto/openssh/ssh-agent.c                          1.2.2.7.4.2
  src/crypto/openssh/version.h                            1.1.1.1.2.8.2.3
  src/sys/conf/newvers.sh                                 1.44.2.23.2.36
RELENG_4_5
  src/UPDATING                                            1.73.2.50.2.48
  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.5.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.2.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.4.2.1
  src/crypto/openssh/session.c                            1.4.2.11.2.1
  src/crypto/openssh/ssh-agent.c                          1.2.2.7.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.7.2.3
  src/sys/conf/newvers.sh                                 1.44.2.20.2.32
RELENG_4_4
  src/UPDATING                                            1.73.2.43.2.49
  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.4.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.4.4.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.4.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.3.4.1
  src/crypto/openssh/session.c                            1.4.2.8.4.2
  src/crypto/openssh/ssh-agent.c                          1.2.2.6.4.1
  src/crypto/openssh/version.h                            1.1.1.1.2.5.2.4
  src/sys/conf/newvers.sh                                 1.44.2.17.2.40
RELENG_4_3
  src/UPDATING                                            1.73.2.28.2.36
  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.2.2
  src/crypto/openssh/channels.c                           1.1.1.1.2.4.2.2
  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.2.1
  src/crypto/openssh/scp.c                                1.1.1.1.2.3.2.1
  src/crypto/openssh/session.c                            1.4.2.8.2.2
  src/crypto/openssh/ssh-agent.c                          1.2.2.6.2.1
  src/crypto/openssh/version.h                            1.1.1.1.2.4.2.4
  src/sys/conf/newvers.sh                                 1.44.2.14.2.26

[Ports]

  ports/security/openssh-portable/Makefile                1.75
  ports/security/openssh-portable/files/patch-buffer.c    1.2
  ports/security/openssh-portable/files/patch-deattack.c  1.1
  ports/security/openssh-portable/files/patch-misc.c      1.3
  ports/security/openssh-portable/files/patch-session.c   1.16
  ports/security/openssh-portable/files/patch-ssh-agent.c 1.1
  ports/security/openssh/Makefile                         1.122
  ports/security/openssh/files/patch-buffer.c             1.2
  ports/security/openssh/files/patch-deattack.c           1.1
  ports/security/openssh/files/patch-misc.c               1.3
  ports/security/openssh/files/patch-session.c            1.15
  ports/security/openssh/files/patch-ssh-agent.c          1.1

Branch        Version string

HEAD          OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4      OpenSSH_3.5p1 FreeBSD-20030917
RELENG_5_1    OpenSSH_3.6.1p1 FreeBSD-20030917
RELENG_4_8    OpenSSH_3.5p1 FreeBSD-20030917
RELENG_4_7    OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_6    OpenSSH_3.4p1 FreeBSD-20030917
RELENG_4_5    OpenSSH_2.9 FreeBSD localisations 20030917
RELENG_4_4    OpenSSH_2.3.0 FreeBSD localisations 20030917
RELENG_4_3    OpenSSH_2.3.0 green@FreeBSD.org 20030917

To view the version string of the OpenSSH server, execute the following command:

    % /usr/sbin/sshd -\?

The version string is also displayed when a client connects to the server.

To view the version string of the OpenSSH client, execute the following command:

    % /usr/bin/ssh -V

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/aKuVFdaIBMps37IRAj/nAJ9x7UQj1Mp0vTAZBHnjGsp/9LQLlQCfVybJ
AVHLwTVUmQXV9S2naBBX14I=
=JhlR
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.
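
The ordering bug in the FreeBSD advisory's Problem Description above, as an added C model (not OpenSSH or FreeBSD source code). The struct, function names, 4096-byte starting size and both constants are assumptions for illustration; the cleanup routine reports how far a zero-and-free would run past the real allocation instead of performing that write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALLOC  0xa00000u  /* assumed sanity cap on a single buffer */
#define GROW_SLACK 32768u     /* assumed headroom added on each grow */

struct buf {
    unsigned char *data;
    size_t alloc;  /* size the bookkeeping claims is allocated */
    size_t real;   /* model-only field: size the allocator actually returned */
};

static int buf_init(struct buf *b, size_t n)
{
    b->data = malloc(n);
    if (b->data == NULL)
        return -1;
    b->alloc = b->real = n;
    return 0;
}

/* Flawed ordering: the recorded size is raised first and checked afterwards. */
static int grow_vulnerable(struct buf *b, size_t len)
{
    unsigned char *p;

    b->alloc += len + GROW_SLACK;       /* bookkeeping updated too early */
    if (b->alloc > MAX_ALLOC)
        return -1;                      /* stands in for the fatal error path */
    p = realloc(b->data, b->alloc);
    if (p == NULL)
        return -1;                      /* out of memory: alloc is already wrong */
    b->data = p;
    b->real = b->alloc;
    return 0;
}

/* Corrected ordering: compute, validate, allocate, and only then record. */
static int grow_fixed(struct buf *b, size_t len)
{
    size_t newlen = b->alloc + len + GROW_SLACK;
    unsigned char *p;

    if (newlen < b->alloc || newlen > MAX_ALLOC)  /* wraparound or oversized */
        return -1;
    p = realloc(b->data, newlen);
    if (p == NULL)
        return -1;
    b->data = p;
    b->alloc = b->real = newlen;
    return 0;
}

/*
 * Cleanup handler model. A handler that trusts b->alloc would zero that many
 * bytes; this one wipes only the real allocation and returns how many bytes
 * beyond it the trusting version would have overwritten.
 */
static size_t cleanup_overrun(struct buf *b)
{
    size_t overrun = b->alloc > b->real ? b->alloc - b->real : 0;

    memset(b->data, 0, b->real);
    free(b->data);
    b->data = NULL;
    b->alloc = b->real = 0;
    return overrun;
}

/* Allocate 4096 bytes, attempt one grow, then run cleanup as the error path would. */
static size_t run_case(int use_fixed, size_t request)
{
    struct buf b;

    if (buf_init(&b, 4096) != 0)
        return (size_t)-1;
    if (use_fixed)
        (void)grow_fixed(&b, request);
    else
        (void)grow_vulnerable(&b, request);
    return cleanup_overrun(&b);
}

int main(void)
{
    size_t huge = 0x1000000;  /* constructed oversized request */

    printf("vulnerable, oversized: %zu bytes past allocation\n", run_case(0, huge));
    printf("fixed, oversized:      %zu bytes past allocation\n", run_case(1, huge));
    printf("vulnerable, normal:    %zu bytes past allocation\n", run_case(0, 100));
    printf("fixed, normal:         %zu bytes past allocation\n", run_case(1, 100));
    return 0;
}
```

An invariant check of this shape (recorded size never exceeds the size last returned by the allocator) is what to look for when reviewing backported fixes for this class of bug.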

FreSSH Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F-Secure Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

This vulnerability does not affect any version of F-Secure SSH software that utilizes ssh protocol version 2. The non-affected versions have been available since 1998. This vulnerability only affects the following F-Secure SSH server versions: F-Secure SSH for Unix versions 1.3.14 and earlier. More information is available from http://www.f-secure.com/support/technical/ssh/ssh1_openssh_buffer_management.shtml

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Not Affected

Notified:  September 16, 2003 Updated: September 22, 2003

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#333628 because it does not support the SSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital Inc. Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Guardian Digital Security Advisory          September 18, 2003
http://www.guardiandigital.com              ESA-20030918-024

Packages: openssh, openssh-clients, openssh-server
Summary:  additional buffer management bugs.

EnGarde Secure Linux is an enterprise class Linux platform engineered to enable corporations to quickly and cost-effectively build a complete and secure Internet presence while preventing Internet threats.

OVERVIEW

After the release of ESA-20030916-023, the OpenSSH team discovered more buffer management bugs (fixed in OpenSSH 3.7.1) of the same type. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this issue.

Additionally, Solar Designer fixed additional bugs of this class. His fixes are included in this update. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to this issue.

Guardian Digital products affected by this issue include:

    EnGarde Secure Community v1.0.1
    EnGarde Secure Community 2
    EnGarde Secure Professional v1.1
    EnGarde Secure Professional v1.2
    EnGarde Secure Professional v1.5

It is recommended that all users apply this update as soon as possible.

SOLUTION

Guardian Digital Secure Network subscribers may automatically update affected systems by accessing their account from within the Guardian Digital WebTool.

To modify your GDSN account and contact preferences, please go to:

    https://www.guardiandigital.com/account/

Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:

Source Packages:

    SRPMS/openssh-3.4p1-1.0.24.src.rpm
      MD5 Sum: 99fe7fb778502a2052bf77820c98e75f

Binary Packages:

    i386/openssh-3.4p1-1.0.24.i386.rpm
      MD5 Sum: 47c27d82dedff376039757b982a64354
    i386/openssh-clients-3.4p1-1.0.24.i386.rpm
      MD5 Sum: 033b6c372912ead498da72e61b726af5
    i386/openssh-server-3.4p1-1.0.24.i386.rpm
      MD5 Sum: 9b9564ca3cbf8dd6f9a56fb19c2bbb7a
    i686/openssh-3.4p1-1.0.24.i686.rpm
      MD5 Sum: 62b9c11f36e8ce38221d5eb31bf5e7f3
    i686/openssh-clients-3.4p1-1.0.24.i686.rpm
      MD5 Sum: b3b382a4b4a5923b02f5eac7a1d35290
    i686/openssh-server-3.4p1-1.0.24.i686.rpm
      MD5 Sum: 513893fc0ad8eda5ffdfc2f79c820e45

REFERENCES

Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
OpenSSH's Official Web Site: http://www.openssh.com/
Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/
Security Contact: security@guardiandigital.com

Author: Ryan W. Maple
Copyright 2003, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/acadHD5cqd57fu0RAm6kAJ9Mri+Rq56dr8cwm82tcyOLDcZQJACgjE+A
T+zQmXJeR4nmKZ4JfffjNyw=
=01Ez
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Unknown

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Unknown

Vendor Statement

Hewlett-Packard Company

SOURCE: Hewlett-Packard Company Software Security Response Team (SSRT)
Date: 16 September, 2003
CROSS REFERENCE ID: SSRT3629

At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP released operating system software. HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.

To report any security issue for any HP software products send email to security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi Not Affected

Notified:  September 16, 2003 Updated: October 07, 2003

Status

Not Affected

Vendor Statement

Hitachi HI-UX/WE2 is NOT vulnerable, because it does not support OpenSSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Corporation Affected

Notified:  September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The AIX Security Team is aware of the issues discussed in CERT Vulnerability Note VU#333628 and CERT Advisory CA-2003-24.

OpenSSH is available for AIX via the AIX Toolbox for Linux or the Bonus Pack.

OpenSSH 3.4p1, revision 9 contains fixes for this issue for the AIX Toolbox for Linux. For more information about the AIX Toolbox for Linux or to download OpenSSH 3.4p1 revision 9, please see:

    http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

Please note that AIX Toolbox for Linux is available "as-is" and is unwarranted.

Patched versions of OpenSSH for the Bonus Pack on AIX 5.1 and 5.2 are available. Please see:

    http://oss.software.ibm.com/developerworks/projects/opensshi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE/caebcnMXzUg7txIRAgOJAJ0Y6J/hQbjj55RfRv3cEzBhuNbN6wCdGghw
JuV94jCMTXFz9xzJD3b5qo4=
=Uhli
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM eServer Affected

Notified:  September 16, 2003 Updated: September 22, 2003

Status

Affected

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

    https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D

In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to

    http://app-06.www.ibm.com/servers/resourcelink

and follow the steps for registration.

All questions should be referred to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM-zSeries Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks, Inc. Affected

Notified:  September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Ingrian Networks Security Advisory ING-2003-05

Revision 1.0
Dated: 9/22/2003
Posted: https://www.ingrian.com/support/iwsc/security.php

Summary

The Ingrian DataSecure platform secures business applications and data. This advisory describes a vulnerability in all Ingrian platforms. This vulnerability is in the SSH server, which is used for secure access to the command line interface (CLI). There are buffer overflow bugs in the SSH server that could allow an attacker who can connect to the ssh port to crash the SSH server. At this time there are no known exploits, nor are there any known attacks that exploit the buffer overflow to obtain access to an Ingrian device.

There is a workaround: block access to port 22 (ssh) at the firewall.

Applying the appropriate patch from those listed below will fix the vulnerability. The patches are available at https://www.ingrian.com/support/iwsc/security.php

Affected Products

All releases of the IngrianOS.

Details

Sshd, prior to version 3.71, contains buffer overflow bugs that can allow an attacker to crash the program. This vulnerability was announced in CERT advisory CA-2003-24 (http://www.cert.org/advisories/CA-2003-24.html)

Impact

An attacker could use this vulnerability to perform a denial-of-service attack on an Ingrian device. Since the Ingrian watches and restarts critical services, even if the vulnerability were exploited on an Ingrian device, the period that service would be denied is short.

If attackers develop exploits that put the attacker's code on the stack, it would be possible for them to obtain access to the affected machines. Ingrian is not aware of any exploits currently in the field.

Software Versions and Fixes

This vulnerability is fixed in these patches:

    2.6.3p02
    2.8.2p02
    2.9.0p07

These patches are released as "untested" patches, meaning that they have gone through an acceptance test but have not yet passed the full QA cycle. Fully tested patches will be released shortly. Please contact your Ingrian representative.

Obtaining A Fix

Customers with service contracts should go through the regular update channels to obtain the software upgrades identified in this advisory. For most customers with service contracts, this means that upgrades should be obtained through the Ingrian Support Center at https://www.ingrian.com/suppport

Workarounds

This vulnerability exists only when attackers can access the ssh port, port 22. Disabling access to port 22 at the outer firewall prevents the attack. See your firewall vendors' documentation for details.

Another workaround is to disable SSH Administration. To do this, select Maintenance, then Services. Click on 'SSH Administration' and then click the 'disable startup' button. Then click 'Stop'.

Source

This vulnerability was reported in CERT announcement CA-2003-24.

Revision History

Version 1.0, dated 9/19/2003

Copyright

This advisory is copyright 2003 by Ingrian Networks, Inc. This advisory may be redistributed freely, provided that redistributed copies are complete and unmodified, including all date and version information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intersoft International Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks, Inc. Affected

Notified:  September 16, 2003 Updated: September 22, 2003

Status

Affected

Vendor Statement

Juniper Networks has identified this vulnerability in all shipping versions of JUNOS and coded a software fix. The fix will be included in all releases of JUNOS Internet software built on or after September 17. Customers with current support contracts should contact JTAC to obtain the fix for this vulnerability. JUNOSe and SDX are not vulnerable to this issue. Contract customers can review the details at: https://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2003-09-007&actionBtn=Search

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lsh Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MacSSH Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mandriva, Inc. Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : openssh
SUMMARY : Remote vulnerabilities
DATE : 2003-09-17 18:48:00
ID : CLA-2003:741
RELEVANT RELEASES : 7.0, 8, 9

DESCRIPTION
OpenSSH[1] is a very popular and versatile tool that uses encrypted connections between hosts and is commonly used for remote administration.
This update fixes new vulnerabilities found in the code that handles buffers in OpenSSH. These vulnerabilities are similar to the ones fixed in the CLSA-2003:739 announcement[2] (CAN-2003-0693) and can be exploited by a remote attacker to cause a denial of service condition and potentially execute arbitrary code (although there is still no concrete evidence of that).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to this additional issue[3].
The OpenSSH team released the version 3.7.1 which fixes this vulnerability[4]. This update contains the versions originally distributed with Conectiva Linux added of backported patches.
Additionally, patches made by Solar Designer to fix memory bugs in other parts of the code are being added. Although it is unlikely that these bugs are exploitable, they are being treated as security fixes by now and have the name CAN-2003-0682 assigned[5] by The Common Vulnerabilities and Exposures project (cve.mitre.org).

SOLUTION
It is recommended that all OpenSSH users upgrade their packages. The ssh service will be automatically restarted during the upgrade if it is already running. Current ssh sessions will remain open during the restart.

REFERENCES:
1.http://www.openssh.org
2.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000739&idioma=en
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
4.http://www.openssh.com/txt/buffer.adv
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.4p1-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.4p1-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-askpass-gnome-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-clients-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssh-server-3.4p1-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssh-3.4p1-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-askpass-gnome-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-clients-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssh-server-3.5p1-27767U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssh-3.5p1-27767U90_2cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com

subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/aNbu42jd0JmAcZARAnByAJ4la1+ZTsDPuuQoFcu4ygjk406b5wCg11KG
KWI0pS7VlyuaHtgastTIZrA=
=QKv8
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mandriva, Inc. Affected

Notified:  September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandrake Linux Security Update Advisory

Package name: openssh
Advisory ID: MDKSA-2003:090-1
Date: September 17th, 2003
Original Advisory Date: September 16th, 2003
Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2

Problem Description:
A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild.
MandrakeSoft encourages all users to upgrade to these patched openssh packages immediately and to disable sshd until you are able to upgrade if at all possible.

Update:
The OpenSSH developers discovered more, similar, problems and revised the patch to correct these issues. These new packages have the latest patch fix applied.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
http://www.kb.cert.org/vuls/id/333628
http://www.openssh.com/txt/buffer.adv

Updated Packages:

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

To upgrade automatically, use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/aIYrmqjQ0CJFipgRAkuzAKCZtNMVd9LqiR0CVbkz9XILvIB4hACeIlqv
LB/u5JclV/2Ny+Cao90MLTc=
=0Nsc
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mirapoint Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Mirapoint released a patch (D3_SSH_CA_2003_24) last night to fix the first reported vulnerability and will release D3_SSH_CA_2003_24_1 to cover the second.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multi-Tech Systems Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetApp Unknown

Notified:  August 12, 2008 Updated: August 12, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Affected

Notified:  September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

The NetBSD Security Advisory on the OpenSSH buffer management issue is available here: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-012.txt.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NETcomposite Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetScreen Technologies Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Affected

Notified:  September 16, 2003 Updated: August 12, 2008

Status

Affected

Vendor Statement

This issue applies only to SecureAdmin on Data ONTAP versions earlier than 6.4.3, and SecureAdmin for NetCache releases earlier than 5.5R2. All current releases (NetCache 5.6, 6.0 and 6.1, and Filer 6.5, 7.0, 7.1, 7.2, 7.3 and 10.0) have been secured against this issue. If you have an affected release: Disable the SSH server on the filer or NetCache appliance, or if it must remain enabled, ensure that the ssh.access option (config.admin.trusted_hosts in NetCache) is used to restrict ssh connections to authorized administrative hosts.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

Nokia Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Nokia confirms that IPSO and IPSO-SX are affected by the vulnerability described in CERT Coordination Center Vulnerability Note VU#333628. We are currently backporting the patches provided by the OpenSSH team into the OpenSSH versions deployed within IPSO and IPSO-SX. According to CERT/CC, the most likely impact of the vulnerability is the potential for a DoS attack if an exploit script is repeatedly executed against the same device. This potential can be eliminated by restricting access to SSH, allowing access only from trusted workstations by using either Access Control Lists (ACLs) or firewall rules to restrict access to TCP port 22. To prevent automated scanners from successfully exploiting this vulnerability, ensure that the SSH server does not run on the default port of TCP 22 and is running on an alternate port, preferably above port 1024. In IPSO, this can be done by going to the "Security and Access Configuration" section in Voyager and selecting "SSH (Secure Shell)," then click on the "Go to the advanced server options page" link. From here, under the "Configure Server Protocol Details" heading, the TCP port number for the SSH service can be changed to a different value. We expect to provide updated releases of IPSO and IPSO-SX the week of September 22, 2003.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenPKG Affected

Updated:  September 17, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenPKG Security Advisory                 The OpenPKG Project
http://www.openpkg.org/security.html      http://www.openpkg.org
openpkg-security@openpkg.org              openpkg@openpkg.org
OpenPKG-SA-2003.040                       17-Sep-2003

Package: openssh
Vulnerability: arbitrary code execution
OpenPKG Specific: no

Affected Releases:   Affected Packages:           Corrected Packages:
OpenPKG CURRENT      <= openssh-3.7p1-20030916    >= openssh-3.7.1p1-20030917
OpenPKG 1.3          <= openssh-3.6.1p2-1.3.1     >= openssh-3.6.1p2-1.3.2
OpenPKG 1.2          <= openssh-3.5p1-1.2.3       >= openssh-3.5p1-1.2.4

Dependent Packages: none

Description:
According to an OpenSSH [1] Security Advisory [0], 2nd revision, all versions of OpenSSH's sshd(8) prior to version 3.7.1 contain buffer management errors. The discovery of additional similar errors by Solar Designer shows that version 3.7.1 is affected, too. Those errors may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be cleared and corrupting the heap on fatal cleanups.

The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0693 [2] to the problem, as initially explained in the 1st revision of the OpenSSH Security Advisory [0]. In the current 2nd revision, similar problems were described and fixed, too. Additionally, Solar Designer found 4 more problematic instances of similar memory management errors. The corrected OpenPKG packages (see versions above) contain the collected bug fixes for all of those errors.

Please check whether you are affected by running "/bin/rpm -q openssh". If you have the "openssh" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution). [3] [4]

Notice that the previous package versions openssh-3.7p1-20030916, openssh-3.6.1p2-1.3.1 and openssh-3.5p1-1.2.3 contain the bug fixes from the OpenSSH Security Advisory [0], 1st revision, only. You are strongly advised to upgrade to the latest package versions because of the contained additional bug fixes.

Solution:
Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the current release OpenPKG 1.3, perform the following operations to permanently fix the security problem (for other releases adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/1.3/UPD
  ftp> get openssh-3.6.1p2-1.3.2.src.rpm
  ftp> bye
  $ /bin/rpm -v --checksig openssh-3.6.1p2-1.3.2.src.rpm
  $ /bin/rpm --rebuild openssh-3.6.1p2-1.3.2.src.rpm
  $ su -
  # /bin/rpm -Fvh /RPM/PKG/openssh-3.6.1p2-1.3.2.*.rpm

References:
[0] http://www.openssh.com/txt/buffer.adv
[1] http://www.openssh.com/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
[3] http://www.openpkg.org/tutorial.html#regular-source
[4] http://www.openpkg.org/tutorial.html#regular-binary
[5] ftp://ftp.openpkg.org/release/1.3/UPD/openssh-3.6.1p2-1.3.2.src.rpm
[6] ftp://ftp.openpkg.org/release/1.2/UPD/openssh-3.5p1-1.2.4.src.rpm
[8] ftp://ftp.openpkg.org/release/1.3/UPD/
[7] ftp://ftp.openpkg.org/release/1.2/UPD/
[9] http://www.openpkg.org/security.html#signature

For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ for details on how to verify the integrity of this advisory.

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG

iD8DBQE/aBsSgHWT4GPEy58RAuzEAJ9nHSDAWuei8cKha78J96d80capfgCgk+o7
4tYQRFxKe/DU86lAynKHRpo=
=i3sR
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSH Affected

Notified:  September 16, 2003 Updated: September 17, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is resolved in version 3.7.1. Please see the OpenSSH advisory at: http://www.openssh.com/txt/buffer.adv

Openwall GNU/*/Linux Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

The OpenSSH package in Openwall GNU/*/Linux did contain the buffer / memory management errors. As of 2003/09/17, we have included the fixes from OpenSSH 3.7.1 as well as 4 additional fixes to other such real or potential errors based on an exhaustive review of the OpenSSH source code for uses of *realloc() functions. At this time, it is uncertain whether and which of these bugs are exploitable. If exploits are possible, due to privilege separation, the worst direct impact should be limited to arbitrary code execution under the sshd pseudo-user account restricted within the chroot jail /var/empty, or under the logged in user account

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Pragma Systems Not Affected

Notified:  September 16, 2003 Updated: October 01, 2003

Status

Not Affected

Vendor Statement

We have tested our code and double checked for the code vulnerability and we have found that our code is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Putty Not Affected

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

PuTTY is not based on the OpenSSH code base, so it should not be vulnerable to any OpenSSH-specific attacks.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Redback Networks Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat, Inc. Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

Red Hat Linux and Red Hat Enterprise Linux ship with an OpenSSL package vulnerable to these issues. Updated OpenSSL packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool. Red Hat Linux: http://rhn.redhat.com/errata/RHSA-2003-279.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2003-280.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks Affected

Notified:  September 16, 2003 Updated: October 01, 2003

Status

Affected

Vendor Statement

Riverstone Networks has issued an advisory on this issue at http://www.riverstonenet.com/support/tb0265-9.html.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO Affected

Notified:  September 16, 2003 Updated: October 07, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SCO Security Advisory

Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
Advisory number: CSSA-2003-SCO.24
Issue date: 2003 October 1
Cross reference: sr884749 fz528324 erg712436 CERT VU#33362 CERT VU#602204 CAN-2003-0693 CAN-2003-0786 CAN-2003-0695 CAN-2003-0682

1. Problem Description
Several buffer management errors and memory bugs are corrected by this patch.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to these issues. CAN-2003-0693, CAN-2003-0695, CAN-2003-0682, CAN-2003-0786.
The CERT Coordination Center has assigned the following names VU#333628, and VU#602204.
CERT VU#333628 / CAN-2003-0693: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695
CAN-2003-0695: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693.
CAN-2003-0682: "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695.
CERT VU#602204 / CAN-2003-0786: Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code. At least one of these bugs is remotely exploitable (under a non-standard configuration, with privsep disabled). OpenServer is not configured to use PAM, so is not vulnerable.

2. Vulnerable Supported Versions
System               Binaries
OpenServer 5.0.7     OpenSSH Distribution

3. Solution
The proper solution is to install the latest packages.

4. OpenServer 5.0.7

4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.24

4.2 Verification
MD5 (VOL.000.000) = f36194ca559c850794874f9c7a0b2a18
MD5 (VOL.000.001) = 02b76bd551a0a95f2544b8999c6fbcbf
MD5 (VOL.000.002) = 6818513c946dbcd43a3f34fc19ef79fc
MD5 (VOL.000.003) = 8149c475968c3d7318eda33f30ce8045
md5 is available for download from ftp://ftp.sco.com/pub/security/tools

4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to the /tmp directory
2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

5. References
Specific references for this advisory:
http://www.openssh.com/txt/buffer.adv
http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/security/openssh/files/patch-buffer.c
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106371592604940
http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=106375582924840
SCO security resources: http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr884749 fz528324 erg712436.

6. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/eyW6aqoBO7ipriERAugiAJwP8ehQ81QNC7EuX8NEkINrtvII0gCfTbZl
HrkB1nNF8uxgUSgnWHR61O4=
=p5ga
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Secure Computing Corporation Not Affected

Updated:  September 22, 2003

Status

Not Affected

Vendor Statement

Sidewinder(r) and Sidewinder G2 Firewall(tm) (including all appliances)
Not Vulnerable. Sidewinder v5.x & Sidewinder G2 v6.x's embedded Type Enforcement(r) technology strictly limits the capabilities of Secure Computing's modified version of the OpenSSH daemon code integrated into the firewall's SecureOS operating system. Any attempt to exploit this vulnerability in the OpenSSH daemon code running on the firewalls results in an automatic termination of the attacker's connection and multiple Type Enforcement alarms.

Gauntlet(tm) & e-ppliance
Not Vulnerable. Gauntlet and e-ppliance do not include SSH server software, and are thus immune to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Computer Systems, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Slackware Affected

Updated:  September 16, 2003

Status

Affected

Vendor Statement

[slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Here are the details from the Slackware 9.0 ChangeLog:

Tue Sep 16 11:13:05 PDT 2003
patches/packages/openssh-3.7p1-i386-1.tgz: Upgraded to openssh-3.7p1. From the OpenSSH Security Advisory (http://www.openssh.com/txt/buffer.adv): "All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." (* Security fix *)

WHERE TO FIND THE NEW PACKAGES:

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-3.7p1-i386-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-3.7p1-i486-1.tgz

MD5 SIGNATURES:

Slackware 8.1 package:
a86d410e47fe8ab4a8e9f04293a94093 openssh-3.7p1-i386-1.tgz

Slackware 9.0 package:
ca1d0b1e658c5391067f2a9cf11fc239 openssh-3.7p1-i386-1.tgz

Slackware -current package:
c58003eaaf4362c8475f0f5a77f2adbb openssh-3.7p1-i486-1.tgz

INSTALLATION INSTRUCTIONS:

(This procedure is safe to do while logged in through OpenSSH)

Upgrade using upgradepkg (as root):
    # upgradepkg openssh-3.7p1-i386-1.tgz

Restart OpenSSH:
    . /etc/rc.d/rc.sshd restart

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SSH Communications Security Not Affected

Updated:  September 17, 2003

Status

Not Affected

Vendor Statement

SSH Secure Shell products do not contain the buffer management error. SSH Communications Security products have a different code base than OpenSSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems, Inc. Affected

Notified:  September 16, 2003 Updated: January 16, 2007

Status

Affected

Vendor Statement

The Solaris Secure Shell in Solaris 9 is impacted by this issue described in CERT Vulnerability Note VU#333628. Sun has published Sun Alert 56861 available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-56861-1 which details the impact, contributing factors, workaround options, and resolution. This issue does not affect the Solaris Secure Shell in Solaris 10.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SUSE Linux Affected

Notified:  September 16, 2003 Updated: September 18, 2003

Status

Affected

Vendor Statement

SuSE Security Announcement

Package: openssh (second release)
Announcement-ID: SuSE-SA:2003:039
Date: Thursday, Sep 18 2003 20:00 MEST
Affected products:
    7.2, 7.3, 8.0, 8.1, 8.2
    SuSE Linux Database Server,
    SuSE eMail Server III, 3.1
    SuSE Linux Enterprise Server 7, 8
    SuSE Linux Firewall on CD/Admin host
    SuSE Linux Connectivity Server
    SuSE Linux Office Server
    SuSE Linux Standard Server 8
Vulnerability Type: potential remote privilege escalation
Severity (1-10): 8
SuSE default package: yes
Cross References:
    http://www.openssh.com/txt/buffer.adv
    CERTVU#333628
    http://www.kb.cert.org/vuls/id/333628
    CVE CAN-2003-0693
    CVE CAN-2003-0695
    CVE CAN-2003-0682

Content of this advisory:
1) security vulnerability resolved: openssh
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
   - mysql
3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade information

The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentication mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.

This is a new release of SuSE Security Announcement (openssh), ID SuSE-SA:2003:038. A set of new bugs were addressed by the openssh development team. These bugs are fixed in the new 3.7.1 upstream release of the openssh package; we have added the necessary changes to our packages preserving the package version to avoid the risk of incompatible behaviour of the software.

Specifics about the errors found:

(Topic for SuSE Security Announcement SuSE-SA:2003:038:)
A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands. The error is known as the buffer_append_space()-bug and is assigned the Common Vulnerabilities and Exposures (CVE) name CAN-2003-0693. The error was cause for the upstream release openssh-3.7.

(Topic for SuSE Security Announcement SuSE-SA:2003:039 (this announcement)
Programming errors of a similar kind as described above have been found in other portions of the code, with similar effects. These errors are known as "buffer.c/channels.c bug", the CVE name for these errors is CAN-2003-0695. This set of errors was cause for the upstream release openssh-3.7.1.

In addition to the fixes for the buffer.c/channels.c bugs we have added some changes that have been assembled by Solar Designer during his review of the source code. These fixes are considered a precautious measure and are not believed to have a significant effect on the security of the openssh code.

At the time of writing this announcement, we believe that at least one set of errors as described above is exploitable by a remote attacker. As a reminder, at the time of writing the SuSE Security Announcement SuSE-SA:2003:038 it was unclear if the bug addressed with the announcement (buffer_append_space()-bug) is exploitable. An increasing amount of TCP connection attempts to port 22 as observed in the internet during the past days may indicate that there exists an exploit for the error in the public.

Please note that we have disabled the Privilege Separation feature in the ssh daemon (sshd) with this update. The PrivSep feature is designed to have parts of the ssh daemon's work running under lowered privileges, thereby limiting the effect of a possible vulnerability in the code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation keyword in sshd's configuration file /etc/ssh/sshd_config.
The feature is held responsible for malfunctions in PAM (Pluggable Authentication Modules). The update mechanism will not overwrite configuration files that have been altered after the package installation.

SPECIAL INSTALL INSTRUCTIONS:

After the update has been successfully applied, the ssh daemon (sshd) must be restarted for the update package to become effective. To restart the ssh daemon after the update, please run the following command as root:

    rcsshd restart

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

Intel i386 Platform:

SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssh-3.5p1-107.i586.rpm
    e030b0803481d0f29f576e3b4726284f
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/openssh-3.5p1-107.i586.patch.rpm
    d022894363b99e6bd03e9b2109c2244c
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/openssh-3.5p1-107.src.rpm
    3f7f5ed43c7d795c63fe06148874944a

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssh-3.4p1-215.i586.rpm
    91cdd33a4149756b8f6371aa3177a5f4
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/openssh-3.4p1-215.i586.patch.rpm
    3b7c44819c8fed5e33514481d99d4ab7
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/openssh-3.4p1-215.src.rpm
    6c3694fc75bcf185035547b85abbc491

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssh-3.4p1-215.i386.rpm
    c61781b97767188cc3a39795535307ff
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/openssh-3.4p1-215.i386.patch.rpm
    c222aef79a8fef6d44d8d61fc075efc5
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/openssh-3.4p1-215.src.rpm
    bc327a4150058c9d1216cb96712973a5

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-156.i386.rpm
    c9928c04b03cb292aa96ad6890a5ee38
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openssh-2.9.9p2-156.src.rpm
    28aa82be9233e3ba93b94eb138c9ea04

SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-156.i386.rpm
    b369724a788a2c6bd70a448a49530f69
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openssh-2.9.9p2-156.src.rpm
    98b8b7281fe04aab8c8838adcf195697

Sparc Platform:

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/openssh-2.9.9p2-53.sparc.rpm
    97cb0218e9354b8cc062e44a0d6fb19f
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/openssh-2.9.9p2-53.src.rpm
    8cddb96e633864469d7ba08d3cf7436a

PPC Power PC Platform:

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/openssh-2.9.9p2-109.ppc.rpm
    37b1e82a3971f5c4c427ce37227b11e0
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openssh-2.9.9p2-109.src.rpm
    7a19424887772b86d14bacbf5add9628

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

- A buffer overflow vulnerability has been found in the mysql package, an Open Source relational database system. The error may allow a remote attacker to execute arbitrary code with the privileges of the database process. We are in the process of building and testing the update packages and will release them with a SuSE Security Announcement as soon as possible.

3) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package.
There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command md5sum after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security@suse.de), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software.
Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root).
You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root):

    gpg --batch; gpg < announcement.txt | gpg --import

SuSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SuSE runs two security mailing lists to which any interested party may subscribe:

suse-security@suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to .

suse-security-announce@suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to .

For general information or the frequently asked questions (faq) send mail to: or respectively.

SuSE's security contact is or . The public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key

Roman Drahtmüller, SuSE Security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

TFS Technology Affected

Updated:  September 17, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Top Layer Networks Not Affected

Updated:  September 18, 2003

Status

Not Affected

Vendor Statement

This notification is to inform you that Top Layer products are not susceptible to the recently announced OpenSSH vulnerability (versions prior to 3.7.1) which appears to occur as a result of buffer management errors. Specifically, this is an issue with freeing the appropriate memory size on the heap, where in certain cases, the memory cleared is too large and might cause heap corruption. More detailed information about this vulnerability can be found at: OpenSSH link: http://www.openssh.com/txt/buffer.adv Top Layer Networks advises following best security practices by restricting the management of any Top Layer device to required address range and ports, as well as denying access to all protocols that are not required.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trustix Secure Linux Affected

Updated:  September 17, 2003

Status

Affected

Vendor Statement

Trustix Secure Linux Security Advisory #2003-0033

Package name: openssh
Summary: Buffer Management error
Date: 2003-09-17
Affected versions: TSL 1.2, 1.5, 2.0

Package description:
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL).

Problem description:
Taken from the announcement of openssh 3.7.1: All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively. OpenSSH 3.7 fixed one of these bugs. OpenSSH 3.7.1 fixes more similar bugs.

The TSL team has chosen to backport these fixes into the various versions of openssh packaged in TSL.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All TSL updates are available from

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Users of TSL 1.2 can get SWUP from: (In later versions of TSL, SWUP is included in the default installation.)

Public testing:
These packages have been available for public testing for some time. If you want to contribute by testing the various packages in the testing tree, please feel free to share your findings on the tsl-discuss mailinglist. The testing tree is located at

You may also use swup for public testing of updates for TSL 2.0 and later:

    site {
        class = 0
        location = "http://snow.trustix.org/cloud/rdfs/latest.rdf"
        regexp = ".*"
    }

Questions?
Check out our mailing lists:

Verification:
This advisory along with all TSL packages are signed with the TSL sign key. This key is available from:

The advisory itself is available from the errata pages at , and or directly at

MD5sums of the packages:
55d636ae51c9e355e02fd9988c78471f ./2.0/SRPMS/openssh-3.6.1p2-4tr.src.rpm
3855df802a31aef02312537c44f24d5f ./2.0/RPMS/openssh-server-config-3.6.1p2-4tr.i586.rpm
3b99832e6d4ee04058c69b4f8767feab ./2.0/RPMS/openssh-server-3.6.1p2-4tr.i586.rpm
68ac388fc68fe725cb6cdd8207017c1f ./2.0/RPMS/openssh-clients-3.6.1p2-4tr.i586.rpm
1bb394fdf22f158a4c5ce154a5284318 ./2.0/RPMS/openssh-3.6.1p2-4tr.i586.rpm
abe0f77d98845e40d14548be63f7341c ./1.5/SRPMS/openssh-3.1.0p1-6tr.src.rpm
9af4176b0919f9ee54e83df88248a9dd ./1.5/RPMS/openssh-server-3.1.0p1-6tr.i586.rpm
877030c628b6986e034474068c41e139 ./1.5/RPMS/openssh-clients-3.1.0p1-6tr.i586.rpm
d97d217516f01761d7bc610dfd07e51e ./1.5/RPMS/openssh-3.1.0p1-6tr.i586.rpm
abe0f77d98845e40d14548be63f7341c ./1.2/SRPMS/openssh-3.1.0p1-6tr.src.rpm
32a74b28d709f09e4752daeb52113cb3 ./1.2/RPMS/openssh-server-3.1.0p1-6tr.i586.rpm
568a01beee4559b803d6457555850507 ./1.2/RPMS/openssh-clients-3.1.0p1-6tr.i586.rpm
925a2a23976c90b5f046c4966c7df80b ./1.2/RPMS/openssh-3.1.0p1-6tr.i586.rpm

Trustix Security Team

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

TTSSH/TeraTerm Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

VanDyke Software Inc. Not Affected

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Not Affected

Vendor Statement

No VanDyke products are affected by this vulnerability. VanDyke does not use any OpenSSH code.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

VMware Affected

Updated:  October 01, 2003

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.vmware.com/download/esx/esx152-patch5.html

Wind River Systems, Inc. Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Zyxel Unknown

Notified:  September 16, 2003 Updated: September 16, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.
