Subject: SECURITY: SSH
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Tue Dec 14 1999 - 21:34:35 MST
Folks,
As reported by CERT and discussed on the BugTraq mailing list, SSH1 has a
security vulnerability when compiled withe RSAREF support. The RSAREF2
library has a buffer overrun that along with an additional buffer overrun
in the SSH1 sshd program allow for possible unauthorized execution of
arbitrary code.
You can tell if you are vulnerable by running: ssh -V
If you see something like:
SSH Version 1.2.27 [ppc-unknown-linux], protocol version 1.5.
Compiled with RSAREF.
Then you are vulnerable.
install-ssh, which shipped with Champion Server 1.0 and ships with 1.1
compiled --with-rsaref. If you did not modify the ssh.spec to *not*
compile --with-rsaref then you are vulnerable.
Terra Soft strongly advises that you upgrade from to OpenSSH 1.2pre17
(OpenSSH is a development of the OpenBSD project. It is essential a GPL'd
version of ssh that maintains compatibility with the SSH1 protocal)
To download OpenSSH 1.2pre7 see http://violet.ibs.com.au/openssh/
I'm still debating whether or not to update install-ssh to grab OpenSSH
instead. This is mainly because OpenSSH requires OpenSSL whichis one more
thing that we can not ship with YDL. Therefore, we'd either need an
install-openssl script or install-(open)ssh would need to take care of
that as well.
One thing is certain, future version of YDL will not ship with a script
that and help you obtain standard SSH. If we do ship with a newer
install-ssh it will download OpenSSH instead.
Regards,
Dan
Terra Soft Solutions, Inc.
Yellow Dog Linux
"The Ultimate Companion for a Dedicated Server"
http://www.yellowdoglinux.com/
This archive was generated by hypermail 2a24 : Sun Jan 02 2000 - 12:12:58 MST