Debian: New lsh-utils packages fix local vulnerabilities
Posted by Benjamin D. Thomas   
--------------------------------------------------------------------------
Debian Security Advisory DSA 956-1                                        Martin Schulze
January 26th, 2006
--------------------------------------------------------------------------

Package        : lsh-utils
Vulnerability  : filedescriptor leak
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-0353
Debian Bug     : 349303

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)
protocol server, leaks a couple of file descriptors, related to the
randomness generator, to user shells which are started by lshd.  A
local attacker can truncate the server's seed file, which may prevent
the server from starting, and with some more effort, maybe also crack
session keys.
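The defect class behind this advisory, as an added example that is not code from the advisory or from lsh: a daemon opens a private file, then forks and execs a user shell, and the descriptor follows the shell unless it was marked close-on-exec. The "seed file" is a constructed temporary file standing in for yarrow-seed-file; the example assumes a POSIX system with /bin/sh and a /dev/fd directory (Linux, *BSD, macOS).

```c
/* Added example, not from the advisory or lsh: a private descriptor survives
 * exec into a user shell unless it carries FD_CLOEXEC. The seed file is a
 * constructed temp file; assumes /bin/sh and a /dev/fd directory exist. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a scratch seed file and move it to a high descriptor number so it is
 * easy to spot in the child; set close-on-exec only when asked. fd or -1. */
int open_seed_file(int close_on_exec)
{
    char path[] = "/tmp/seed-example-XXXXXX";      /* constructed placeholder path */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                                  /* file lives only as long as the fd */
    int hi = fcntl(fd, close_on_exec ? F_DUPFD_CLOEXEC : F_DUPFD, 100);
    close(fd);
    return hi;
}

/* Fork and exec a shell, as a login daemon does, and let the shell itself
 * report whether fd survived the exec. 1 = leaked, 0 = closed, -1 = error. */
int fd_visible_to_child_shell(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                                /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status) == 0;               /* test -e succeeded: fd leaked */
}

int main(void)
{
    int leaky = open_seed_file(0), safe = open_seed_file(1);
    printf("no FD_CLOEXEC:   shell sees fd %d -> %d\n", leaky, fd_visible_to_child_shell(leaky));
    printf("with FD_CLOEXEC: shell sees fd %d -> %d\n", safe, fd_visible_to_child_shell(safe));
    return 0;
}
```

The same check, run from inside a shell spawned by a daemon you administer (`ls -l /dev/fd`), is a quick audit for descriptors the daemon should not have handed down.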

After applying this update, you should remove the server's seed file
(/var/spool/lsh/yarrow-seed-file) and then regenerate it with
"lsh-make-seed --server" as root.

For security reasons, lsh-make-seed really needs to be run from the
console of the system you are running it on.  If you run lsh-make-seed
using a remote shell, the timing information lsh-make-seed uses for
its random seed creation is likely to be unreliable.  If need be, you can
generate the random seed on a different system than the one it will
eventually be used on, by installing the lsh-utils package and running
"lsh-make-seed -o my-other-server-seed-file".  You may then transfer
the seed to the destination system using a secure connection.

The old stable distribution (woody) may not be affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 2.0.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.0.1cdbs-4.

We recommend that you upgrade your lsh-server package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: