SCO Security Advisory - OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities: A vulnerability has been reported in the OpenSSH scp utilities. This issue may permit a malicious scp server to corrupt files on a client system when files are copied.
058aa07bb6432ba4bcf1b9be324153ec0020060332d2fe3e2985872f20bb2bec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities
Advisory number: SCOSA-2006.11
Issue date: 2006 March 15
Cross reference: fz529677 fz529833 fz532920 fz532977
CVE-2004-0175 CVE-2005-2666 CVE-2005-2797
______________________________________________________________________________
1. Problem Description
A vulnerability has been reported in the OpenSSH scp
utilities. This issue may permit a malicious scp server
to corrupt files on a client system when files are copied.
SSH, as implemented in OpenSSH before 4.0 and possibly other
implementations, stores hostnames, IP addresses, and keys in
plaintext in the known_hosts file, which makes it easier for
an attacker that has compromised an SSH user's account to
generate a list of additional targets that are more likely
to have the same password or key.
OpenSSH 4.0, and other versions before 4.2, does not properly
handle dynamic port forwarding ("-D" option) when a listen
address is not provided, which may cause OpenSSH to enable
the GatewayPorts functionality.
Only the first 8 characters of a password are significant
in OpenSSH on SCO OpenServer 5.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2004-0175,
CVE-2005-2666, and CVE-2005-2797 to these issues.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 OpenSSH utilities and libraries
OpenServer 5.0.7 OpenSSH utilities and libraries
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar
4.2 Verification
MD5 (openssh42p1_vol.tar) = cb92de31f9a0b8dbd3dfd82b19bc1d57
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
See:
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh-4.2p1.txt
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
5.2 Verification
MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
http://www.securityfocus.com/bid/9986
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/article2/0,1759,1815795,00.asp
http://secunia.com/advisories/16686
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz529677 fz529833 fz532920
fz532977.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)
iD8DBQFEGE2eaqoBO7ipriERAth5AJ9dtCzhv+ySjWmLAnpyzKxxyFeqpgCeNjfn
I8/86fBWJWJYKMPkUMSNOXQ=
=xy6d
-----END PGP SIGNATURE-----