
Ubuntu: OpenSSH vulnerability
Posted by Benjamin D. Thomas
Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards.
Ubuntu Security Notice USN-597-1             April 01, 2008
openssh vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-client                  1:4.2p1-7ubuntu3.3

Ubuntu 6.10:
  openssh-client                  1:4.3p2-5ubuntu1.2

Ubuntu 7.04:
  openssh-client                  1:4.3p2-8ubuntu1.2

Ubuntu 7.10:
  openssh-client                  1:4.6p1-5ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Timo Juhani Lindfors discovered that the OpenSSH client, when port
forwarding was requested, would listen on any available address family.
A local attacker could exploit this flaw on systems with IPv6 enabled
to hijack connections, including X11 forwards.
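
A defensive check for the condition described above, as an added example that is not part of the Ubuntu notice: it parses listening-socket output and flags ports where ssh or sshd holds a listener on one address family while a different process holds the same port on the other. The `ss -H -ltnp` column layout, the process names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `ss -H -ltnp` (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("otherproc",pid=4321,fd=3))
LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=2210,fd=9))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=3000,fd=4))
LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=3000,fd=5))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=900,fd=4))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=800,fd=5))
"""

SSH_NAMES = {"ssh", "sshd"}  # assumed process names for forwarding listeners
OWNER_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def parse_listeners(text):
    """Return {port: {family: set((proc, pid))}} for every LISTEN line."""
    table = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Owner info is empty when the tool runs without enough privilege.
        owners = {(name, int(pid)) for name, pid in OWNER_RE.findall(line)}
        if addr == "*":                      # dual-stack wildcard socket
            families = ("v4", "v6")
        else:
            families = ("v6",) if addr.startswith("[") else ("v4",)
        for fam in families:
            table[int(port)][fam] |= owners
    return table

def find_split_listeners(text):
    """Flag ports where ssh/sshd owns one family and another process the other."""
    findings = []
    for port, fams in sorted(parse_listeners(text).items()):
        for fam, other in (("v4", "v6"), ("v6", "v4")):
            ssh_owners = {o for o in fams.get(fam, set()) if o[0] in SSH_NAMES}
            foreign = fams.get(other, set()) - fams.get(fam, set())
            if ssh_owners and foreign:
                findings.append((port, fam, sorted(ssh_owners), other, sorted(foreign)))
    return findings

if __name__ == "__main__":
    for finding in find_split_listeners(SAMPLE):
        print("split listener:", finding)
```

A finding is a lead for review rather than proof of hijacking; installing the fixed package versions listed above remains the correction.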

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

Updated packages for Ubuntu 7.04:

Updated packages for Ubuntu 7.10:

