openSUSE Security Announce
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
December 2001
- 2 participants
- 3 discussions
SuSE Security Announcement: glibc/shlibs, in.ftpd (SuSE-SA:2001:046)
by Roman Drahtmueller 24 Dec '01
by Roman Drahtmueller 24 Dec '01
24 Dec '01
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: glibc/shlibs, in.ftpd
Announcement-ID: SuSE-SA:2001:046
Date: Monday, Dec 24th 2001 19:00 MET
Affected SuSE versions: (6.3), 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: remote privilege escalation
Severity (1-10): 8
SuSE default package: yes
Other affected systems: Most Linux systems
Content of this advisory:
1) security vulnerability resolved: glibc/shlibs
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
This security announcement obsoletes SuSE-SA:2001:001 about glibc (shlibs).
The file globbing (matching filenames against patterns such as "*.bak")
routines in the glibc exhibits an error that results in a heap corruption
and that may allow a remote attacker to execute arbitrary commands from
processes that take globbing strings from user input.
Tom Parker, Global InterSec LLC, addressed SuSE Security and illustrated
an attack scenario against the BSD-derived ftp daemon that is installed
as /usr/sbin/in.ftpd in SuSE Linux distributions. The said in.ftpd should
not be confused with the Washington University ftp daemon (wu-ftpd) that
comes installed as /usr/sbin/wu.ftpd in SuSE Linux and uses its own
globbing functions.
Since the attack against in.ftpd is based on a heap corruption in glibc,
the proper solution for the error is to exchange the responsible code in
the glibc globbing functions. It should be expected that other network
service daemons that accept user-supplied globbing strings such as rsyncd
can be exploited with this glibc globbing error. There is no satisfactory
workaround against the problem other than updating the glibc libraries
with a fixed version. We provide update packages for this purpose.
Users of the SuSE Linux 6.3 distribution should upgrade their systems
to a newer product since security update support for SuSE Linux 6.3
has been discontinued two years after the release.
Notes, Special installation instructions:
* If you use YOU (Yast2 Online Update), the necessary update packages
will be selected automatically. Please consider reading the
PRECAUTIONS and the AFTERCARE paragraph below. A standalone desktop
installation should not face any problems with the update as long
as the system is not loaded during the update process.
* The glibc package consists of one source RPM package and multiple
binary RPM (sub-) packages. In order to resolve the errors in the
globbing functions, the source RPM package as well as the
documentation subpackages do not need to be installed. In fact,
you only need to install the updates for packages that you have
installed already on your system.
The different subpackages contain:
++ shared libraries
+ static libraries and header files
+ profiling and debugging versions of glibc
- timezone description files (package timezone)
- internationalization files (i18n)
- two documentation packages
The packages marked with "+" are necessary to update if they are
installed on your system. The source RPM does not need to be installed
unless you want to compile your own glibc binaries.
* The names of both the source RPM as well as the binary RPM (sub-)
packages have changed between different SuSE Linux distributions.
Overview:
dist | source-RPM | shared libs | static libs,header| profiling
-----------------------------------------------------------------------
6.4,7.0 libc shlibs libc libd
7.1,7.2,7.3 glibc glibc glibc-devel glibc-profile
Find out which of the four packages are installed on your system
according to the package names in the table. Use the command
rpm -q name_of_package
to query the package database for each name.
If you have your package list, download the packages that you need
from the URLs as listed below. Verify their integrity and authenticity
following the guidelines as described in section 3) of this security
announcement.
* PRECAUTIONS
The shared libraries package of the glibc is the most sensitive
part of a running Linux system, and modifications to it should be
handled with special care. During the update of the shlibs/glibc
package, runtime-linking the shared libraries is likely to fail for
processes that execute a new binary with the execve(2) system call.
Therefore, we recommend to bring a system to single user mode
("init S") to perform the package update. If this is not applicable
for operational reasons, a system receiving the update should be kept
as quiet as possible (no shell scripts of any kind, no cron jobs, no
incoming email).
* Update the shared libraries package first using the command
rpm -Uhv <name-of-package.rpm>
The execution of this command must not be interrupted!
Then use the same command ("rpm -Uhv ...") to update the other
packages. The update of these packages is not critical.
* AFTERCARE
After performing the update, you should run the following command
on your system:
/sbin/ldconfig
ldconfig will rebuild the runtime linker cache. If you use YOU
(Yast2 Online Update), the ldconfig command will be executed
automatically at the end of the update.
The shared libraries that were installed on the system before the
update have been removed from the filesystem, but they are still
in use by the running applications. Therefore, the diskspace as well
as the memory will not be freed until the last process that uses
these files exits. We recommend to reboot the system to workaround
this problem.
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/glibc-2.2.4-64.i386.rpm
ab4f2c0a14df2fc904a77e3093ab64c1
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/glibc-devel-2.2.4-64.i386.rpm
30fecdf4a05cdbb563f89544d83d3832
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/glibc-profile-2.2.4-64.i386.…
170136831b255f9fb4f7626bb0db118c
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/glibc-2.2.4-64.src.rpm
0e9042c4513fdab17574fcfa00d85a49
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/a1/glibc-2.2.2-60.i386.rpm
7f6986a143c394217e8c25d7a337213b
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/glibc-devel-2.2.2-60.i386.rpm
ec20c83a27d82909bf244260ce7a5918
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d2/glibc-profile-2.2.2-60.i386.…
39663b28aa3460b3496543f1fc38bbb8
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/glibc-2.2.2-60.src.rpm
cdb94c3f69df860a331fcd767464d958
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/glibc-2.2-17.i386.rpm
bfe1b48b0f74b8ebe4887de7f433581d
ftp://ftp.suse.com/pub/suse/i386/update/7.1/d1/glibc-devel-2.2-17.i386.rpm
84e3b7aef3d13dda8e938a2d0be2a6a8
ftp://ftp.suse.com/pub/suse/i386/update/7.1/d2/glibc-profile-2.2-17.i386.rpm
b4260429e50687c3ec45c330f565aa3d
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/glibc-2.2-17.src.rpm
8060cd3ce8a70f2e7fbd646586e1ea55
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/shlibs-2.1.3-202.i386.rpm
c5e373b55d91ce4611548cace59015f1
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libc-2.1.3-202.i386.rpm
94e0ef7bcb2b1d12e35b2ecf4106e2a3
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d2/libd-2.1.3-202.i386.rpm
27b725ec3b2f47609222dabe34798d6e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/libc-2.1.3-202.src.rpm
be466007d22952ae08809e4a13cf7f74
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/shlibs-2.1.3-204.i386.rpm
9539d8a62365de6007fc6644ad41cfa6
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libc-2.1.3-204.i386.rpm
526f3261e684ecc94f7a3e5447cb47fa
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d2/libd-2.1.3-204.i386.rpm
ac0d6067cff50b0b63ca3905a1c5728f
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/libc-2.1.3-204.src.rpm
0a0332bac56a42898b6e38caeaf8898b
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/a1/glibc-2.2.4-34.sparc.rpm
ec7a28d3ecd776b855f658bfb5c5c906
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d1/glibc-devel-2.2.4-34.sparc.…
c1b948813f902d357733bc05a844c991
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/glibc-profile-2.2.4-34.spar…
5c97f462e33a4d95ba740b82f57dde0c
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/glibc-2.2.4-34.src.rpm
1346299f187ceeaef241dbf45ff49f51
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/glibc-2.2-18.sparc.rpm
7562d1fce096b8b28205f1d35d7c127a
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/d1/glibc-devel-2.2-18.sparc.rpm
49930f964d3e0269a1cd8d94c1989bc0
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/d2/glibc-profile-2.2-18.sparc.…
0f5e8c3b667e0809213b3f54f1e50b13
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/glibc-2.2-18.src.rpm
c836663dd27b4ff476a12b1a8c0c9f90
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/shlibs-2.1.3-160.sparc.rpm
f2af7ef92554c60bd5a872de208d8b6f
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libc-2.1.3-160.sparc.rpm
7bdb705c7ebd03f4adce09a6809892c2
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d2/libd-2.1.3-160.sparc.rpm
2b3306cb460f478db3429e23f823b995
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/libc-2.1.3-160.src.rpm
a64566e9fd63300019cfeef8f29f4818
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/a1/glibc-2.2-26.alpha.rpm
6c859b49dfd1bfcb6a3c641b684d043b
ftp://ftp.suse.com/pub/suse/axp/update/7.1/d1/glibc-devel-2.2-26.alpha.rpm
650adc9694f047966d66ced86a4242b6
ftp://ftp.suse.com/pub/suse/axp/update/7.1/d2/glibc-profile-2.2-26.alpha.rpm
c6b9e63c4cbfeb4319259ef69588d8ed
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/glibc-2.2-26.src.rpm
c793e9da8291e45b9323c4fa4e85de67
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/shlibs-2.1.3-203.alpha.rpm
28e5a26227efba257f0c5aa81ecff74f
ftp://ftp.suse.com/pub/suse/axp/update/7.0/d1/libc-2.1.3-203.alpha.rpm
64ccdf133939fca4f47082c5092b348f
ftp://ftp.suse.com/pub/suse/axp/update/7.0/d2/libd-2.1.3-203.alpha.rpm
471b1a63ebdfcc9df3cf71423ac51b78
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/libc-2.1.3-203.src.rpm
08e3ef5b96cdd2a647bfd4db7a2cb55f
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/shlibs-2.1.3-204.alpha.rpm
798f75dbfb95b6917f79ed26c48de2fe
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libc-2.1.3-204.alpha.rpm
0851f8afd4cf6316263128f406af1df3
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d2/libd-2.1.3-204.alpha.rpm
95b0e06e0328d3a4422b9139c5955cc5
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/libc-2.1.3-204.src.rpm
d52cf0e58f6f8f9ef0749b2c0fca534a
PPC Power PC Platform:
SuSE-7.3
The update packages are delayed and are currently being built. They
will be available shortly at the same locations as the 7.1 packages,
with the 7.3 path segment, respectively.
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/a1/glibc-2.2-25.ppc.rpm
298ad3b4eaf87f3656e096d5eb4f4a4d
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d1/glibc-devel-2.2-25.ppc.rpm
6f31f5f7b055485f65e7c81ebf8f9d64
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d2/glibc-profile-2.2-25.ppc.rpm
26d70564073e77a610562acf5ae27f1f
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/glibc-2.2-25.src.rpm
b76a1624d9be6dbb63ceb8803a5ed07f
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/shlibs-2.1.3-198.ppc.rpm
472cb2d66abdfb2a523ba57e15613f04
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/libc-2.1.3-198.ppc.rpm
37e62fe7376e6f66defc6897abcae74d
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d2/libd-2.1.3-198.ppc.rpm
6e8b150fddc5ea7ab8799b021cb20311
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/libc-2.1.3-198.src.rpm
b7b73eeb4c091302fff48284f6894d9b
SuSE-6.4
The update packages are delayed and are currently being built. They
will be available shortly at the same locations as the 7.0 packages,
with the 6.4 path segment, respectively.
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- /bin/login vulnerabilities
A buffer overflow vulnerability has been reported for System V derived
implementations of the login program while it copies environment variables
from the login prompt to the user's future environment. SuSE Linux
distributions are unaffected by this problem. The login programs in
SuSE Linux distributions before and including SuSE Linux 6.1 contain
the environment copying feature. Versions shipped after (and including)
SuSE Linux 6.2 use PAM (Pluggable Authentication Module) routines for
logini- and password prompting. The PAM routines do not support
environment passing.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security(a)suse.de)
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an uninstalled rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SuSE in rpm packages for SuSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SuSE Linux distributions version 7.1 and thereafter install the
key "build(a)suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the toplevel directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
=====================================================================
SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the cleartext signature shows proof of the
authenticity of the text.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CpkBogQ57vSBEQQAk/GN+ftr7+DBlSoixDDpfRnUk+jApGEt8hCnrnjV
nPs/9Cr33+CXLQbILOO7Y5oiPbJdHh45t4E0fKyLVzDerCRFB1swz/mNDxT26DLy
sdBV5fwNHTPhxa67goAZVrehQPqJEckkIpYriOaYcKpF3n5fQIZMEfMaHEElQhcX
ML8AoJVXDkJYh7vI8EUB8ZURNLZMEECNA/sH0MCnb4Q6ZcRyeZ3+1PHP8hP73b6T
epRdLZhaylwVF/iu7uIn62ZUL4//NTOCDY7V63qg4iba/fUbOsWtEnGaiE7mQuAl
sSWvRspwRA9/g9rdVf3/JdLJrLmKBTheyG+PSJE3W7cAE4ZWafGxIRCwXhmj3TQn
Jn2euqylHRubEQP/aL53NZK0kBdvrKgff6O8Of6tqoss8Dkk55I7QVFSp+My1Dn+
mngQKFejTAgtyo/WmR3wPjQ9HoT2lRiYI2lTRYT4uMdHuwVC3b4DqAKmoy375FER
wHkrMVyKBJslv8QtbAWw5A1CAUseaHo+91wmYJ4/4p6YUahqbG/tZyhbxfq0KFN1
U0UgUGFja2FnZSBTaWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6IXAQTEQIAHAUC
Oe70gQUJA8JnAAQLCgMEAxUDAgMWAgECF4AACgkQqE7a6JyACspfLACffAYA+NM8
NBhyRyH+nTX58CNjwLIAoIx9fj52BJe0xY7WbKoXs1+72b2AiEYEEBECAAYFAjpw
XlIACgkQnkDjEAAKq6TczgCgi+ddhWb7+FWcfeE6WwPZccqAHowAnjjtRyGwHLQH
r5OTFAYTXi2Wv6jNiQEVAwUQOnBgb3ey5gA9JdPZAQE1pwf/QJ+b34lFBNVUJ7fk
/xGJJREt7V12iSafaRzGuH8xWvIz1bb+VARxnnt16FDQ1cDNjoEhCEmcW83Vxp6i
JXE9PE8wVA/Yue/bon5JS7J69+UiQ2eq2pudfwljp52lYVM53jgPYEz0q/v3091n
lZ8CYkAkN9JDS1lV1gEzJ7J0+POngDpU+lDQT2EC6VKaxeWK8pNt6UFDwICRDQxK
nlOoiDvTrdWT7QdJZ4sPv8Qotdw9+tKNbWQ2DqdIRxyTdw9xDfAtcj6mXeQr7852
Lwem1gSKVnEYHZ9g1FTJqVOutY8KhpUc9RfOCRv8XuIxrs4KSbfSF0s8qIRCQelx
ufg9AbkCDQQ57vSSEAgAhJHQTejMX+Vr6g1pHDEcusJ63fQ2CfFFE5iE9okH9O7U
VCiSfb9CV38dmeHdPCEEjDUWquFYEnvj3WICMtH249t1Ymuf4Du3yRKQ9oXdn/qT
Jzlrx9qzjiG3mH7ocwHOgUIwCrZoEdBEVE2n0zPVm+hddwjWWTWXw6pxQz+i9dsN
89xexRV5M9O0bNwCLaNWX2GXeLAkqTK/9EuZy6x2yLxi6du9YYUAXkZpqBhCjtiU
XpRoFCdglMznbcAyCk9C2wqb2j/D1Z2BeSBaGCSFkR6pRLebnE17LWcu72Iy+r0z
+JecbPiyDpDZj4apn7IC81aNFGi7fNITsHODbwwjiwADBgf/YPvVdzkc8OC7ztac
EWCanwylKvxCdKzTDA+DfES6WUYShyiVJvZzRy25LJ5WcK20kzOS6Qv1OrIXiz/p
dGy1aKtJZrAnFEsofpmOj8VoqyyFgp/yAGQBp12+mXek7SCZRhuqalDfEMRiWEJ6
J5dLkyShyRDWyPbFh0HXE7QTHN+IKKxxQqNQXL6Z3NSxS61p+5n6BseiDUI39xxk
KTFwFrkgUIc5Gs2Or2lhaWvGwSfoCmwbsklszZt6xbU+R0SjFqTvjPWx6eHfqbmN
C9WMDdTjGrXDDKXFp2aYlokfN6It9vsbVlGNlOwHt/JjGoPMxW6Xqj0FLA7/Vewg
CdXW64hMBBgRAgAMBQI57vSSBQkDwmcAAAoJEKhO2uicgArKSyIAmwUHf/vtKQfc
mVg4asR7U6XQl0bAAJ4pO22B5U8UH6IYl2LBCXFqw5+5fA==
=rVRn
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPCdtWney5gA9JdPZAQHTNgf/cKuT1LoGBawaDsfqAgOwQQt66lbnqBiT
szjaM1RERYQ+rnalsKtIL94+0BmKYiP0adqKgaNgX1+lwEad/yXdzfIZNOXckiwk
K22nklylKOQgKNKHKsPhee9wu4EVH8Ddv5VFjvfUDB4FaAlTzmOQILGaWnJ4e2hW
syPE3L0qNgG9QnXO+x0oYEjhR6A6mZquHjou5Re5OnF1vhppYelcMw4X4MEhv8S/
UtpLcuzJpP+UCoU4nkFbBtZ5Lc2ykBXQTWTpseqLQHD5YUnPZ9AwYF/DnmIsXTLb
nm3heI07RHU7QQeVDzurGO1CRb/g+AsK4J0X7uL1SzTQ/kLpX1URIQ==
=3QO9
-----END PGP SIGNATURE-----
1
0
SuSE Security Announcement: openssh (SuSE-SA:2001:045) (re-released SuSE-SA:2001:044)
by Roman Drahtmueller 06 Dec '01
by Roman Drahtmueller 06 Dec '01
06 Dec '01
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: openssh
Announcement-ID: SuSE-SA:2001:045
Date: Thursday, Dec 6th 2001 21:30 MET
Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: local privilege escalation
Severity (1-10): 5
SuSE default package: yes
Other affected systems: systems running openssh
Content of this advisory:
1) security vulnerability resolved: openssh
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) Re-release of SuSE Security Announcement SuSE-SA:2001:044, brief history,
Clarification, new problem fixed, upgrade information.
This is a re-release of the SuSE Security Announcement SuSE-SA:2001:044,
adding another bugfix for the openssh package as well as more detailed
information about the vulnerabilities to prevent misunderstandings.
The currently supported SuSE distributions 6.4 and newer come with two
implementations of the secure shell protocol: The package names are
"ssh" and "openssh".
Brief history:
In 1998, a vulnerability of the secure shell protocol in version 1 has
been discovered and named "crc32 compensation attack". The vulnerability
allows an attacker to insert arbitrary sequences into the ssh-1 protocol
layer. At that time, an added patch fixed the problem in the ssh
implementation (visible in the client-side verbose output of the ssh
command (-v): "Installing crc compensation attack detector.").
In early 2001, Michal Zalewski discovered that the widely used patch
was defective and opened another security hole which is being actively
exploited today. SuSE Security announcement SuSE-SA:2001:004, published
February 16th 2001, available at *[1], addresses this defective patch,
among other issues.
Clarification/Apology:
Our last openssh security announcement SuSE-SA:2001:044 (*[3]) may falsely
lead to assume that the openssh-2.9.9p2 update packages on our ftp
server fix the vulnerabilities known as crc32 compensation attack.
This is incorrect since the openssh-2.3.0 packages released with SuSE
Security announcement SuSE-SA:2000:047 in November 2000, available at
*[2], already fixed the mentioned (among other) problems. The release
of the openssh-2.9.9p2 update packages obsoletes the openssh-2.3.0 update
packages.
We explicitly regret the used wording and apologize to the openssh
development team, in particular Markus Friedl and Theo De Raadt, and
thank them for their excellent work on the project.
Scanning utilities that can be found on the internet connect to port 22
of a server and read the version string. It should be noted that the bare
knowlege of the secure shell protocol version string does not allow to
determine whether a running secure shell daemon is actually vulnerable
to the defective fix for the crc32 compensation attack.
SuSE security receive dozens of requests about statements if the daemons
in use are vulnerable or not. Please see reference *[1].
New problem fixed:
This re-release of SuSE Security Announcement SuSE-SA:2001:044 (please
see reference *[3] below) adds another patch to the openssh-2.9.9p2
packages: A bug allows a local attacker on the server to specify
environment variables that can influence the login process if the
"UseLogin" configuration option on the server side is set to "yes".
If exploited, the local attacker on the secure shell server can execute
arbitrary commands as root.
In the default configuration of the package, the UseLogin option is set
to "no", which means that the administrator of the server must have set
the option to "yes" manually before the bug can be exploited.
Users who upgraded their SuSE openssh package before December 6th 2001
should upgrade their package again. Use the command "rpm -q openssh"
to see which version/release of the package you have installed, and
compare this version with the one as listed below.
Upgrade information:
You can find out which implementation of the ssh protocol you are using
with the command "rpm -qf /usr/bin/ssh".
If you use the ssh-1.2.* package, please read Reference *[1].
If you use the openssh-* package, please download the rpm package for
your distribution from the URL list below, verify its integrity using
the methods as described in section 3) of this security announcement
and install the package using the command
rpm -Uhv file.rpm
where file.rpm is the filename of the package that you have downloaded.
References:
*[1]: http://www.suse.de/de/support/security/adv004_ssh.txt
*[2]: http://www.suse.de/de/support/security/2000_047_openssh_txt.txt
*[3]: http://www.suse.de/de/support/security/2001_044_openssh_txt.txt
SPECIAL INSTALL INSTRUCTIONS:
The sshd secure shell daemon on the server side has to be restarted for
the new package to become active. If you are logged on on the console,
the simple command "rcsshd restart" should do this for you.
If you are logged on via secure shell, you should make sure that you
do not terminate the connections that are established through the running
secure shell daemon/its children. In this case, kill the daemon after
package installation using the command
kill -TERM `cat /var/run/sshd.pid`
and then restart the daemon with the command
/usr/sbin/sshd
as root.
Then, verify that the login procedure works as before. One of the main
changes in the new openssh package is that the file
$HOME/.ssh/authorized_keys2 is only read by the server if the file
$HOME/.ssh/authorized_keys does not exist and if protocol version 2 is
being used. The file $HOME/.ssh/authorized_keys2 can be removed after
its contents have been added to $HOME/.ssh/authorized_keys.
The two configuration files /etc/ssh/sshd_config (server side) and
/etc/ssh/ssh_config (client side) contained in the openssh package
do not get overwritten upon installation or upgrade, if you have changed
them manually. Instead, the new configuration files are written with a
.rpmnew suffix. The defaults as provided in the SuSE package make an
effort to establish both convenience as well as security.
NOTE: Packages for SuSE Linux distributions 7.0 and older containing
cryptographic software are located on our German ftp server ftp.suse.de
for legal reasons. Packages for all other distributions (7.1 and newer)
can be found at their regular path at ftp.suse.com.
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-74.i386.rpm
f3d60cce6d62dbf79c36a849811c19d7
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openssh-2.9.9p2-74.src.rpm
4246e40b1e5a7b4456f2bb4c05177126
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-74.i386.rpm
3764a15b17b0823c6fa2e8e4aee5af69
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openssh-2.9.9p2-74.src.rpm
e9cccadf767cb80e3c588266d6886153
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec1/openssh-2.9.9p2-73.i386.rpm
4dbcdb2a544cadd36749baea890bc38e
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/openssh-2.9.9p2-73.src.rpm
04400597a1b9526bc78344e8e523fa40
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.9.9p2-73.i386.rpm
29dcc882bf30cbe88c94b07bb84e7216
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.9.9p2-73.src.rpm
b852431e4711d7f45a8bd180532325b0
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.9.9p2-73.i386.rpm
8cfe1e9d2dd964851acb42e1e13311b9
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.9.9p2-73.src.rpm
a3686e39258d03c99fc2ba3573325c2a
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/openssh-2.9.9p2-24.sparc.…
32d3a1c735d2c27cb580fedeeed3a135
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/openssh-2.9.9p2-24.src.rpm
82540b2297b2d03d45118b3c23a72bf8
SuSE-7.1
The update packages for the SuSE Linux 7.1 Sparc distributions are not
available yet. The package can soon be found at
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/sec1/openssh.rpm
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.9.9p2-24.sparc.rpm
638891762f09e01b83e9c39c184ce9ea
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.9.9p2-24.src.rpm
ad3520ad8907c585f84facb742fc03bf
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec1/openssh-2.9.9p2-26.alpha.rpm
04e815054c9bc3a1b0a1ddda8c6e2d10
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/openssh-2.9.9p2-26.src.rpm
32c39e29517fc8269f252f7cc6f18bce
The update packages for the SuSE Linux AXP/Alpha distributions before
SuSE-7.1 are not available on our ftp server yet. These packages can be
found at the usual location in the update paths on ftp.suse.de.
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/openssh-2.9.9p2-49.ppc.rpm
4b056c828675898bf482e9ecb4f91a0b
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openssh-2.9.9p2-49.src.rpm
e10ed49e7319c244caf324a64f16c738
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec1/openssh-2.9.9p2-49.ppc.rpm
163126a80ff0167b34c041348ef5c3c4
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/openssh-2.9.9p2-49.src.rpm
948862c53dc62e921b03766c986a4de2
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.9.9p2-48.ppc.rpm
aff3785ac9670daa0e06445ad9b5a2b9
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.9.9p2-48.src.rpm
ccfb132470cb61b52688fc12f1352b12
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.9.9p2-48.ppc.rpm
ae20b7379474735126636aed05f6eeee
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.9.9p2-48.src.rpm
2351d7667c02a1ad33e21bd39196cf0a
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- We are currently testing kernel update packages for the recently
found local security flaw in the ELF binary loader in the Linux
kernel of all v2.4 versions and expect to be able to announce these
update rpm packages soon with a re-release of our kernel security
announcement.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security(a)suse.de)
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an uninstalled rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SuSE in rpm packages for SuSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SuSE Linux distributions version 7.1 and thereafter install the
key "build(a)suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the toplevel directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
=====================================================================
SuSE's security contact is <security(a)suse.com> or <security(a)suse.de>.
The <security(a)suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the cleartext signature shows proof of the
authenticity of the text.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CpkBogQ57vSBEQQAk/GN+ftr7+DBlSoixDDpfRnUk+jApGEt8hCnrnjV
nPs/9Cr33+CXLQbILOO7Y5oiPbJdHh45t4E0fKyLVzDerCRFB1swz/mNDxT26DLy
sdBV5fwNHTPhxa67goAZVrehQPqJEckkIpYriOaYcKpF3n5fQIZMEfMaHEElQhcX
ML8AoJVXDkJYh7vI8EUB8ZURNLZMEECNA/sH0MCnb4Q6ZcRyeZ3+1PHP8hP73b6T
epRdLZhaylwVF/iu7uIn62ZUL4//NTOCDY7V63qg4iba/fUbOsWtEnGaiE7mQuAl
sSWvRspwRA9/g9rdVf3/JdLJrLmKBTheyG+PSJE3W7cAE4ZWafGxIRCwXhmj3TQn
Jn2euqylHRubEQP/aL53NZK0kBdvrKgff6O8Of6tqoss8Dkk55I7QVFSp+My1Dn+
mngQKFejTAgtyo/WmR3wPjQ9HoT2lRiYI2lTRYT4uMdHuwVC3b4DqAKmoy375FER
wHkrMVyKBJslv8QtbAWw5A1CAUseaHo+91wmYJ4/4p6YUahqbG/tZyhbxfq0KFN1
U0UgUGFja2FnZSBTaWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6IXAQTEQIAHAUC
Oe70gQUJA8JnAAQLCgMEAxUDAgMWAgECF4AACgkQqE7a6JyACspfLACffAYA+NM8
NBhyRyH+nTX58CNjwLIAoIx9fj52BJe0xY7WbKoXs1+72b2AiEYEEBECAAYFAjpw
XlIACgkQnkDjEAAKq6TczgCgi+ddhWb7+FWcfeE6WwPZccqAHowAnjjtRyGwHLQH
r5OTFAYTXi2Wv6jNiQEVAwUQOnBgb3ey5gA9JdPZAQE1pwf/QJ+b34lFBNVUJ7fk
/xGJJREt7V12iSafaRzGuH8xWvIz1bb+VARxnnt16FDQ1cDNjoEhCEmcW83Vxp6i
JXE9PE8wVA/Yue/bon5JS7J69+UiQ2eq2pudfwljp52lYVM53jgPYEz0q/v3091n
lZ8CYkAkN9JDS1lV1gEzJ7J0+POngDpU+lDQT2EC6VKaxeWK8pNt6UFDwICRDQxK
nlOoiDvTrdWT7QdJZ4sPv8Qotdw9+tKNbWQ2DqdIRxyTdw9xDfAtcj6mXeQr7852
Lwem1gSKVnEYHZ9g1FTJqVOutY8KhpUc9RfOCRv8XuIxrs4KSbfSF0s8qIRCQelx
ufg9AbkCDQQ57vSSEAgAhJHQTejMX+Vr6g1pHDEcusJ63fQ2CfFFE5iE9okH9O7U
VCiSfb9CV38dmeHdPCEEjDUWquFYEnvj3WICMtH249t1Ymuf4Du3yRKQ9oXdn/qT
Jzlrx9qzjiG3mH7ocwHOgUIwCrZoEdBEVE2n0zPVm+hddwjWWTWXw6pxQz+i9dsN
89xexRV5M9O0bNwCLaNWX2GXeLAkqTK/9EuZy6x2yLxi6du9YYUAXkZpqBhCjtiU
XpRoFCdglMznbcAyCk9C2wqb2j/D1Z2BeSBaGCSFkR6pRLebnE17LWcu72Iy+r0z
+JecbPiyDpDZj4apn7IC81aNFGi7fNITsHODbwwjiwADBgf/YPvVdzkc8OC7ztac
EWCanwylKvxCdKzTDA+DfES6WUYShyiVJvZzRy25LJ5WcK20kzOS6Qv1OrIXiz/p
dGy1aKtJZrAnFEsofpmOj8VoqyyFgp/yAGQBp12+mXek7SCZRhuqalDfEMRiWEJ6
J5dLkyShyRDWyPbFh0HXE7QTHN+IKKxxQqNQXL6Z3NSxS61p+5n6BseiDUI39xxk
KTFwFrkgUIc5Gs2Or2lhaWvGwSfoCmwbsklszZt6xbU+R0SjFqTvjPWx6eHfqbmN
C9WMDdTjGrXDDKXFp2aYlokfN6It9vsbVlGNlOwHt/JjGoPMxW6Xqj0FLA7/Vewg
CdXW64hMBBgRAgAMBQI57vSSBQkDwmcAAAoJEKhO2uicgArKSyIAmwUHf/vtKQfc
mVg4asR7U6XQl0bAAJ4pO22B5U8UH6IYl2LBCXFqw5+5fA==
=rVRn
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPA/bG3ey5gA9JdPZAQHnwAf/UHDibA3CmfvsAtnzeQ3YaEf7tgOMtvz0
wr9gMZlU+L96Trhv9iAeUEenYc2KTe8ye4SvLHxKlQ3IotmFjhoehLzYM/tynhM8
0nCsnK7vuQNmJnbyE8shWvmAcAv4klJW1g/hV73EhjO/YJe4nx7H+cF3M1hzhGwv
d4t9Y8SjHBrvSt9nuq/yFsta4dKy5il30jPtd379O3TcjJP4cBC30o3wKt11f9ld
GYSURp31kQT13VJxw75GxCkv3b0PpxepT1HUQmqGCGx1xxGV/XYKCbwCnwjHi4zC
n52B6gHc0wilYdLrQdHb0uZwVn4fcxHirbdpwVyWTrBgPkLE3aHVhg==
=tcBY
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: openssh
Announcement-ID: SuSE-SA:2001:044
Date: Mon Dec 3 14:01:19 CET 2001
Affected SuSE versions: 6.4, 7.0, 7.1, 7.2, 7.3
Vulnerability Type: various bugs
Severity (1-10): 4
SuSE default package: yes
Other affected systems: All systems shipping OpenSSH <= 2.9.9
Content of this advisory:
1) security vulnerability resolved: Various problems in OpenSSH.
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The OpenSSH daemon shipped with SuSE distributions contains various minor
bugs which allows bypassing of IP-access control in some circumstances or
the deletion of files named "cookies" if X11 forwarding is enabled.
It has also been verified that the recent remotely exploitable crc32 bug as
well as the logging-bug has been fixed in our latest ssh packages.
We strongly recommend to update to OpenSSH version 2.9.9p2. Please download
and update the packages as described in section 3. Then invoke
/etc/rc.d/sshd restart
to restart the OpenSSH daemon.
If you are logged on via sshd, then it is adviseable to perform the update
in an atjob to make sure that it can be completed if your secure shell
daemon gets killed:
rpm -Uhv openssh-*.rpm
echo "rcsshd restart" | at now
Please note that OpenSSH 2.9.9p2 is *not*
vulnerable to the crc32/deattack exploit. Some people made wrong statements
about that recently and claimed they have found exploits for this version
"in the wild" which exploits the crc32 hole against this version.
This is wrong and you can safely ignore these discussions.
If you installed the ssh-1.2.27 package instead of the openssh package no
updates should be necessary as long as you recognized the SuSE Security
Announcement SuSE-SA:2001:04 which recommends to update to the latest
ssh-1.2.27 packages.
Due to legal constraints, the packages for the 7.0 and older
distributions containing cryptographic code can be found on ftp.suse.de,
not ftp.suse.com. The distribution 7.1 and newer have all of their
update packages on ftp.suse.com.
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-38.i386.rpm
6ba603f1115b0125abf0b62f28ba6666
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openssh-2.9.9p2-38.src.rpm
644d74829ecaa12c6a28cc9564bb0a1c
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-25.i386.rpm
0b0406a63181bf23c683add3f6f9abc3
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openssh-2.9.9p2-25.src.rpm
5914018a06e77f7477058afa8617ab10
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec1/openssh-2.9.9p2-26.i386.rpm
0d69dce8f61317c84efde55f6cc95f10
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/openssh-2.9.9p2-26.src.rpm
3aeba61d45d243773db8d1b7eedf6924
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.9.9p2-27.i386.rpm
2defc4cf8182b1e5eb4b204224007dd6
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.9.9p2-27.src.rpm
1999c7c42507c1c4d831daf170e88c6e
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.9.9p2-27.i386.rpm
5fe6fdee55502e81b383b5b11047cee9
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.9.9p2-27.src.rpm
cfee6bebb8086dc2d861aeb5fff6dc17
Sparc Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/sec1/openssh-2.9.9p2-8.sparc.r…
8dcf46c82f11c35e8812d477caacd3b2
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/openssh-2.9.9p2-8.src.rpm
27ed16f77bcabd34919681fa07fcbd1c
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.9.9p2-8.sparc.rpm
a23db0e0516a935cfce8a199a48ce036
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.9.9p2-8.src.rpm
e4c6c636fe7dd5e234d89dd28564611b
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec1/openssh-2.9.9p2-5.alpha.rpm
b0e29b53f247c7a8ba6d17297867730e
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/openssh-2.9.9p2-5.src.rpm
73a832a3b10876d751203aca7fd37607
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/openssh-2.9.9p2-6.alpha.rpm
5e07df7ce670e3918f0948495d74e23c
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/openssh-2.9.9p2-6.src.rpm
3a26418017f5af49ba707e51fa28d954
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/openssh-2.9.9p2-6.alpha.rpm
c2e7364a00aef31a9d121302d316ce4f
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/openssh-2.9.9p2-6.src.rpm
d3a9299f748395912644c375e24302f7
Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/openssh-2.9.9p2-23.ppc.rpm
bdab314f57128accaa4855a8aedf23df
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openssh-2.9.9p2-23.src.rpm
840bde44f9b372e637a7bdcf3b11a87e
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec1/openssh-2.9.9p2-25.ppc.rpm
d3b5f2b85ce6cf9e30a0826127f5b6e4
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/openssh-2.9.9p2-25.src.rpm
888e553f06f96ddd7395ad4c241e0b69
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.9.9p2-18.ppc.rpm
34eee0c543d2cf266d084d7262475573
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.9.9p2-18.src.rpm
c33d2e38303853e9363ee0beb9889b43
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.9.9p2-17.ppc.rpm
4d00f9e0a85631c3e2dd721ca0784f27
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.9.9p2-17.src.rpm
685e7c8f85117384ea1205b683593b47
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
No additional information in this announcement.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SuSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key security(a)suse.de)
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an uninstalled rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SuSE in rpm packages for SuSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SuSE Linux distributions version 7.1 and thereafter install the
key "build(a)suse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the toplevel directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===================================================
SuSE's security contact is <security(a)suse.com>.
The <security(a)suse.com> public key is listed below.
===================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the cleartext signature shows proof of the
authenticity of the text.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GZkBogQ57vSBEQQAk/GN+ftr
7+DBlSoixDDpfRnUk+jApGEt8hCnrnjVnPs/9Cr33+CXLQbILOO7Y5oiPbJdHh45
t4E0fKyLVzDerCRFB1swz/mNDxT26DLysdBV5fwNHTPhxa67goAZVrehQPqJEckk
IpYriOaYcKpF3n5fQIZMEfMaHEElQhcXML8AoJVXDkJYh7vI8EUB8ZURNLZMEECN
A/sH0MCnb4Q6ZcRyeZ3+1PHP8hP73b6TepRdLZhaylwVF/iu7uIn62ZUL4//NTOC
DY7V63qg4iba/fUbOsWtEnGaiE7mQuAlsSWvRspwRA9/g9rdVf3/JdLJrLmKBThe
yG+PSJE3W7cAE4ZWafGxIRCwXhmj3TQnJn2euqylHRubEQP/aL53NZK0kBdvrKgf
f6O8Of6tqoss8Dkk55I7QVFSp+My1Dn+mngQKFejTAgtyo/WmR3wPjQ9HoT2lRiY
I2lTRYT4uMdHuwVC3b4DqAKmoy375FERwHkrMVyKBJslv8QtbAWw5A1CAUseaHo+
91wmYJ4/4p6YUahqbG/tZyhbxfq0KFN1U0UgUGFja2FnZSBTaWduaW5nIEtleSA8
YnVpbGRAc3VzZS5kZT6IXAQTEQIAHAUCOe70gQUJA8JnAAQLCgMEAxUDAgMWAgEC
F4AACgkQqE7a6JyACspfLACffAYA+NM8NBhyRyH+nTX58CNjwLIAoIx9fj52BJe0
xY7WbKoXs1+72b2AiEYEEBECAAYFAjpwXlIACgkQnkDjEAAKq6TczgCgi+ddhWb7
+FWcfeE6WwPZccqAHowAnjjtRyGwHLQHr5OTFAYTXi2Wv6jNiQEVAwUQOnBgb3ey
5gA9JdPZAQE1pwf/QJ+b34lFBNVUJ7fk/xGJJREt7V12iSafaRzGuH8xWvIz1bb+
VARxnnt16FDQ1cDNjoEhCEmcW83Vxp6iJXE9PE8wVA/Yue/bon5JS7J69+UiQ2eq
2pudfwljp52lYVM53jgPYEz0q/v3091nlZ8CYkAkN9JDS1lV1gEzJ7J0+POngDpU
+lDQT2EC6VKaxeWK8pNt6UFDwICRDQxKnlOoiDvTrdWT7QdJZ4sPv8Qotdw9+tKN
bWQ2DqdIRxyTdw9xDfAtcj6mXeQr7852Lwem1gSKVnEYHZ9g1FTJqVOutY8KhpUc
9RfOCRv8XuIxrs4KSbfSF0s8qIRCQelxufg9AbkCDQQ57vSSEAgAhJHQTejMX+Vr
6g1pHDEcusJ63fQ2CfFFE5iE9okH9O7UVCiSfb9CV38dmeHdPCEEjDUWquFYEnvj
3WICMtH249t1Ymuf4Du3yRKQ9oXdn/qTJzlrx9qzjiG3mH7ocwHOgUIwCrZoEdBE
VE2n0zPVm+hddwjWWTWXw6pxQz+i9dsN89xexRV5M9O0bNwCLaNWX2GXeLAkqTK/
9EuZy6x2yLxi6du9YYUAXkZpqBhCjtiUXpRoFCdglMznbcAyCk9C2wqb2j/D1Z2B
eSBaGCSFkR6pRLebnE17LWcu72Iy+r0z+JecbPiyDpDZj4apn7IC81aNFGi7fNIT
sHODbwwjiwADBgf/YPvVdzkc8OC7ztacEWCanwylKvxCdKzTDA+DfES6WUYShyiV
JvZzRy25LJ5WcK20kzOS6Qv1OrIXiz/pdGy1aKtJZrAnFEsofpmOj8VoqyyFgp/y
AGQBp12+mXek7SCZRhuqalDfEMRiWEJ6J5dLkyShyRDWyPbFh0HXE7QTHN+IKKxx
QqNQXL6Z3NSxS61p+5n6BseiDUI39xxkKTFwFrkgUIc5Gs2Or2lhaWvGwSfoCmwb
sklszZt6xbU+R0SjFqTvjPWx6eHfqbmNC9WMDdTjGrXDDKXFp2aYlokfN6It9vsb
VlGNlOwHt/JjGoPMxW6Xqj0FLA7/VewgCdXW64hMBBgRAgAMBQI57vSSBQkDwmcA
AAoJEKhO2uicgArKSyIAmwUHf/vtKQfcmVg4asR7U6XQl0bAAJ4pO22B5U8UH6IY
l2LBCXFqw5+5fA==
=Jnnf
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPAuIOXey5gA9JdPZAQGvqwf/VccDrlkw/x8n8HQ31D83Rj1P6BLP8SGO
feN3PDYK3og7ES9LhNxca1yJDnhAUQskCK5p32zMlEF2j1+2VTTn2MNq0yunoO86
s399Onk0+7x9O9WBXP5h7CPE4OfgPrlKlJm5BpQ3dT601TuetMT0JANJHX/xofGk
Zbd9IpAyKH8r71RYKQws9C9CAGUm2RlPTe4TEB3i+Z3e/rpG8gGKsTNtzqM4YOln
iMXu+EfFv1HQQAXIQzGz4M+FnCTf7zTsHWRN2yMBCAjC6RKG09F54/1+I0yvG2GN
ENVrmacVqiZ1gU+71aTVEWbsTJYRfScE44fkW3FgC2YqCUUqRiMAsA==
=tD4R
-----END PGP SIGNATURE-----
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer(a)suse.de - SuSE Security Team
~
1
0