[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SCOSA-2005.53 UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities

To: security-announce@xxxxxxxxxxxx
Subject: [Full-disclosure] SCOSA-2005.53 UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple Vulnerabilities
From: security@xxxxxxx
Date: Mon, 12 Dec 2005 12:02:19 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSH Multiple 
Vulnerabilities
Advisory number:        SCOSA-2005.53
Issue date:             2005 December 12
Cross reference:        erg712933 fz532978 sr894960
                        CVE-2005-2797 CVE-2005-2798
______________________________________________________________________________


1. Problem Description

        Two security issues have been reported in OpenSSH, which can be
        exploited by malicious users to gain escalated privileges or
        bypass certain security restrictions.

        An error in handling dynamic port forwardings when no listen
        address is specified, can cause "GatewayPorts" to be incorrectly
        activated.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-2797 to this issue.

        An error in handling GSSAPI credential delegation can allow a
        user, who did not login using GSSAPI authentication, to be
        delegated with GSSAPI credentials.

        Successful exploitation requires that
        "GSSAPIDelegateCredentials" is enabled.

        The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CVE-2005-2798 to this issue.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3                  OpenSSH distribution
        UnixWare 7.1.4                  OpenSSH distribution


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.3

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53


    4.2 Verification

        MD5 (openssh-4.2p1.713.image) = 8ca915ee39d4eda9b899c3289e1a4141

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download openssh-4.2p1.713.image to the /var/spool/pkg directory.

        # pkgadd -d /var/spool/pkg/openssh-4.2p1.713.image

        Please note that UnixWare 7.1.3 Maintenance Pack 5 is required
        to be installed on the system for OpenSSH to work correctly.


5. UnixWare 7.1.4

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53


    5.2 Verification

        MD5 (openssh-4.2p1.714.image) = b558b5eb19edab7419d5729d51a46b95

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


    5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download openssh-4.2p1.714.image to the /var/spool/pkg directory.

        # pkgadd -d /var/spool/pkg/openssh-4.2p1.714.image

        Please note that UnixWare 7.1.4 Maintenance Pack 2 is required
        to be installed on the system for OpenSSH to work correctly.


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
                http://secunia.com/advisories/16686/
                
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html

        SCO security resources:
                http://www.sco.com/support/security/index.html

        SCO security advisories via email
                http://www.sco.com/support/forums/security.html

        This security fix closes SCO incidents erg712933 fz532978
        sr894960.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDnZqHaqoBO7ipriERArdTAJ9rzqHZ3tiN7YkHOOkLOTDsTTpS3QCeJ5wh
5pUr5tBR6ignrNkYeXq1atg=
=nQ8q
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Re: McAfee VirusScan vs Metasploit Framework v2.x
Next by Date: Re[2]: [Full-disclosure] Phishers now abusing dynamic DNS services
Previous by thread: [Full-disclosure] [USN-222-2] Perl vulnerability
Next by thread: [Full-disclosure] SCOSA-2005.54 UnixWare 7.1.3 UnixWare 7.1.4 : uidadmin Buffer Overflow Vulnerability
Index(es):
- Date
- Thread