Originally Published: Saturday, 10 June 2000 Author: Derrick H. Lewis
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Conectiva Linux Security Announcement: Open SSH

Openssh's default installation doesn't have this problem. If the "UseLogin" option is used, then the ssh server won't drop its root privileges, instead relying on the login program to do so. But if the user specifies a command to be executed during the ssh session, the login program won't be used and the program will be run with full root privileges.

   Page 1 of 1  

------------------------------------------------------------------------------------------------------------------------------------------ CONECTIVA LINUX SECURITY ANNOUNCEMENT ------------------------------------------------------------------------------------------------------------------------------------------

PACKAGE: openssh SUMMARY : "UseLogin" option allows remote execution of commands as root DATE : 2000-06-10 AFFECTED CONECTIVA VERSIONS : 5.0

------------------------------------------------------------------------------------------------------------------------------------------

DESCRIPTION Openssh's default installation doesn't have this problem. If the "UseLogin" option is used, then the ssh server won't drop its root privileges, instead relying on the login program to do so. But if the user specifies a command to be executed during the ssh session, the login program won't be used and the program will be run with full root privileges.

SOLUTION Users with the "UseLogin" option set to "no" in /etc/ssh/sshd_config are not vulnerable. If, however, this option is needed, then openssh MUST be upgraded IMMEDIATELY. Updated packages for openssl are also provided to satisfy openssh's dependencies.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-askpass-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-askpass-gnome-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-clients-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssh-server-2.1.1p1-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssl-0.9.5a-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/openssl-devel-0.9.5a-1cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/openssh-2.1.1p1-1cl.src.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/openssl-0.9.5a-1cl.src.rpm

--------------------------------------------------------------------------------------------------------------------------------------------

All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html

--------------------------------------------------------------------------------------------------------------------------------------------





   Page 1 of 1