[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)



Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit
(see asterisked section):

6.1 What known security bugs exist in which versions of ssh?
All versions of ssh prior to 1.2.12.92 had a security flaw which allowed
local users to get access to the secret host key. This is fixed in 1.2.13
and later.

If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode, local
users can gain root access. This is fixed by applying
ftp://ftp.cs.hut.fi/pub/ssh/ssh-osf1-c2-setluid.patch or by upgrading to
1.2.14 or later.

*****
Versions of ssh prior to 1.2.17 had problems with authentication agent
handling on some machines. There is a chance (a race condition) that a
malicious user could steal another user's credentials. This should be fixed
in 1.2.17.
*****

The arcfour cipher is used in a way which makes it susceptible in version 1
of the ssh protocol. Therefore, its use has been disabled in 1.2.18 and
later.

---
Don't tell them that I told you. :-)
=====================================
Andre Frech
X-Force Security Research
afrech@iss.net

Internet Security Systems, Inc.
678.443.6241 / fax 678.443.6479
www.iss.net

Adaptive Network Security for the Enterprise
=====================================


> -----Original Message-----
> From: owner-cve-editorial-board-list@lists.mitre.org
> [mailto:owner-cve-editorial-board-list@lists.mitre.org]On Behalf Of Adam
> Shostack
> Sent: Wednesday, July 28, 1999 2:24 PM
> To: Steven M. Christey; cve-editorial-board-list@lists.mitre.org
> Subject: Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
>
>
> On Tue, Jul 27, 1999 at 09:35:04PM -0400, Steven M. Christey wrote:
>
> | Candidate: CAN-1999-0248
> | Published:
> | Final-Decision:
> | Interim-Decision:
> | Modified:
> | Announced: 19990728
> | Assigned: 19990607
> | Category: SF
> |
> | sshd 1.2.17 can be compromised through the SSH protocol.
> |
>
> | VOTE: modify http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
> looks to me to be about the correct message that came from Tatu.
> There are comments in changelog: * Improved the security of
> auth_input_request_forwarding().
>
> I'm not in favor of moving this forward without additional detail, but
> thought I'd add a confirming URL and comment.  We have insufficient
> detail to accept it as a CVE.
>
> Adam
>

Page Last Updated or Reviewed: May 22, 2007