
Ubuntu: OpenSSH vulnerability
Posted by Benjamin D. Thomas
Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.
Ubuntu Security Notice USN-566-1           January 09, 2008
openssh vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-client                  1:4.2p1-7ubuntu3.2

Ubuntu 6.10:
  openssh-client                  1:4.3p2-5ubuntu1.1

Ubuntu 7.04:
  openssh-client                  1:4.3p2-8ubuntu1.1

Ubuntu 7.10:
  openssh-client                  1:4.6p1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jan Pechanec discovered that ssh would forward trusted X11 cookies when
untrusted cookie generation failed.  This could lead to unintended privileges
being forwarded to a remote host.

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

Updated packages for Ubuntu 7.04:

Updated packages for Ubuntu 7.10:
