Debian Security Advisory
DSA-1638-1 openssh -- denial of service
- Date Reported:
- 16 Sep 2008
- Affected Packages:
- openssh
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 498678.
In Mitre's CVE dictionary: CVE-2006-5051, CVE-2008-4109.
- More information:
-
It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109).
The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the fix backported to the version released with etch was incorrect.
Systems affected by this issue suffer from many zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, a sufficiently large number of such processes can accumulate so that further login attempts become impossible. The presence of these processes does not indicate active exploitation of this vulnerability; the denial of service condition can be triggered by accident.
For the stable distribution (etch), this problem has been fixed in version 4.3p2-9etch3.
For the unstable distribution (sid) and the testing distribution (lenny), this problem has been fixed in version 4.6p1-1.
We recommend that you upgrade your openssh packages.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.diff.gz
- http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
- http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch3_all.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_alpha.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_alpha.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_alpha.udeb
- AMD64:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_amd64.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_amd64.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_amd64.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_amd64.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_amd64.udeb
- ARM:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_arm.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_arm.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_arm.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_arm.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_arm.udeb
- HP Precision:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_hppa.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_hppa.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_hppa.udeb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_i386.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_i386.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_i386.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_i386.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_ia64.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_ia64.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_ia64.udeb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_mips.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_mips.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_mips.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_mips.udeb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_mips.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_powerpc.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_powerpc.udeb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_s390.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_s390.udeb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_s390.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_s390.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_s390.udeb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_sparc.udeb
- http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_sparc.udeb
MD5 checksums of the listed files are available in the original advisory.