Sikkerhedsoplysninger / 2001 / Sikkerhedsoplysninger -- DSA-027-1 OpenSSH

Debians sikkerhedsbulletin

DSA-027-1 OpenSSH -- fjern-angreb

Rapporteret den:

9. feb 2001

Berørte pakker:

ssh

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 2344.
I Mitres CVE-ordbog: CVE-2001-0361.

Yderligere oplysninger:

1. Versioner af OpenSSH før 2.3.0 er sårbare overfor et fjernangreb hvor vilkårlig hukommelse bliver overskrevet, hvilket kan resultere i et root-angreb.
2. CORE-SDI har beskrevet problemet med hensyn til RSA-nøgleudveksling og et Bleichenbacher-angreb der opfanger sessionsnøglen fra en SSH-session.

Begge disse problemer er rettet i vores ssh-pakke 1.2.3-9.2. Vi anbefaler at du omgående opgraderer din openssh-pakke.

Rettet i:

Debian 2.2 (potato)

Kildekode:

http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.2.diff.gz

http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.2.dsc

http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz

alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.2_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.2_alpha.deb

arm:

http://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.2_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.2_arm.deb

i386:

http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.2_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.2_i386.deb

m68k:

http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.2_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.2_m68k.deb

powerpc:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.2_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.2_powerpc.deb

sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh-askpass-gnome_1.2.3-9.2_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.2_sparc.deb