LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: openssh security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openssh security update
Advisory ID:       RHSA-2005:550-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-550.html
Issue date:        2005-09-28
Updated on:        2005-09-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-2069
- ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix a potential security vulnerability and
various other bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
includes the core files necessary for both the OpenSSH client and server. 

A bug was found in the way the OpenSSH server handled the MaxStartups and
LoginGraceTime configuration variables. A malicious user could connect to
the SSH daemon in such a way that it would prevent additional logins from
occuring until the malicious connections are closed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2069 to this issue.

Additionally, the following issues are resolved with this update:

- - The -q option of the ssh client did not suppress the banner message sent
by the server, which caused errors when used in scripts.

- - The sshd daemon failed to close the client connection if multiple X
clients were forwarded over the connection and the client session exited.

- - The sftp client leaked memory if used for extended periods.

- - The sshd daemon called the PAM functions incorrectly if the user was
unknown on the system.

All users of openssh should upgrade to these updated packages, which
contain backported patches and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

129289 - [PATCH] SSH -q flag does not suppress banner text
151080 - sftp over a persistent connection (days/weeks) develops a memory leak.
156996 - CAN-2004-2069 openssh DoS issue


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2  openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd  openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e  openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048  openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480  openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357  openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6  openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395  openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b  openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b  openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094  openssh-server-3.6.1p2-33.30.6.ia64.rpm

ppc:
3e29708efad159fa8cc254662b6ff505  openssh-3.6.1p2-33.30.6.ppc.rpm
5c6363576c83399dfa948aa45d8f185e  openssh-askpass-3.6.1p2-33.30.6.ppc.rpm
bea38750538bd370e65406b5b1eabf33  openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm
fc65f08b4c2e6ede36e0f7762140aa5c  openssh-clients-3.6.1p2-33.30.6.ppc.rpm
ddb0d4bbf471f2c9a60ac8d928a1733e  openssh-server-3.6.1p2-33.30.6.ppc.rpm

s390:
a09e96711d0f9e6527193eb3a3660ce1  openssh-3.6.1p2-33.30.6.s390.rpm
8fde7e1acc7593ba0048836f88c9548f  openssh-askpass-3.6.1p2-33.30.6.s390.rpm
35e1caa39539fbdd1bd38f17ad66103d  openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm
c6f91623373358c892fcb36c7785d1c6  openssh-clients-3.6.1p2-33.30.6.s390.rpm
d13ba0dee80f74ac42eb2594fb1582cd  openssh-server-3.6.1p2-33.30.6.s390.rpm

s390x:
c953f6bebbffc2c5e888a4b59c4cee7a  openssh-3.6.1p2-33.30.6.s390x.rpm
3938bf4cb26335f471f494fd455427a0  openssh-askpass-3.6.1p2-33.30.6.s390x.rpm
06561eab8bd1a67fec7747c9b4ace426  openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm
42df2d392e3741527b820edb6e7fe8c0  openssh-clients-3.6.1p2-33.30.6.s390x.rpm
2bc0b74d772c4fea91ba835b23e86fae  openssh-server-3.6.1p2-33.30.6.s390x.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602  openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52  openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec  openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce  openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f  openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2  openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd  openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e  openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048  openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480  openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357  openssh-server-3.6.1p2-33.30.6.i386.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602  openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52  openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec  openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce  openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f  openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2  openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd  openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e  openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048  openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480  openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357  openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6  openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395  openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b  openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b  openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094  openssh-server-3.6.1p2-33.30.6.ia64.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602  openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52  openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec  openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce  openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f  openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2  openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd  openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e  openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048  openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480  openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357  openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6  openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395  openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b  openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b  openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094  openssh-server-3.6.1p2-33.30.6.ia64.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602  openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52  openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec  openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce  openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f  openssh-server-3.6.1p2-33.30.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.