On Mon, 22 Apr 2002, Ben Rosenberg wrote:
* Martin Köhling (mk@lw1.cc-computer.de) [020422 07:46]:
::
::More interesting for me at the moment: is openssh-2.9.9p2, as supplied by
::SuSE on the update server, vulnerable?
No, it's not vulnerable. SuSE tends to patch the same version-numbered RPM so as not to break deps. The 2.9.9 rpm is fully patched and safe.
I *think* you're making a mistake here: this is (apparently) a *new* bug - SuSE didn't have time to fix anything yet!
As for 3.X being vulnerable..it's 3.0.2 and below..3.1 isn't.
Umm, no; this is from the openssh announcement list (I got it today):

~~~~~~~~~~~~cut~~~~~~~~~~~~~~~~~
From provos@citi.umich.edu Tue Apr 23 11:01:29 2002
Date: Sat, 20 Apr 2002 23:39:31 -0400
From: Niels Provos <provos@citi.umich.edu>
Subject: [openssh-unix-announce] OpenSSH Security Advisory (adv.token)

A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with
Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been
enabled in the sshd_config file. Ticket and token passing is not enabled
by default.

1. Systems affected:

   All Versions of OpenSSH compiled with AFS/Kerberos support and
   ticket/token passing enabled contain a buffer overflow.

   Ticket/Token passing is disabled by default and available only in
   protocol version 1.

2. Impact:

   Remote users may gain privileged access for OpenSSH < 2.9.9

   Local users may gain privileged access for OpenSSH < 3.3

   No privileged access is possible for OpenSSH with UsePrivsep enabled.

3. Solution:

   Apply the following patch and replace radix.c with
   http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/radix.c?rev=1.18

4. Credits:

   kurt@seifried.org for notifying the OpenSSH team.
   http://mantra.freeweb.hu/
~~~~~~~~~~~~cut~~~~~~~~~~~~~~~~~

So I *think* the SuSE version might be safe - not because it's already patched, but because SuSE didn't compile in Kerberos support; in addition, according to the advisory, only protocol version 1 is affected - disabling this might be a good idea anyway.

(No idea what "UsePrivSep" means - some new openssh 3.x feature?)

Cheers
Martin
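The configuration conditions named in the advisory can be checked mechanically. The following is an added example, not part of the original thread or of OpenSSH: a small Python audit of sshd_config text for ticket/token passing, protocol 1 and privilege separation. The function names, the sample config and the treatment of unset keywords are assumptions; the file alone cannot show whether sshd was compiled with Kerberos/AFS support.

```python
# Added example: audit sshd_config text for the settings named in the advisory.
# The sample below is constructed for illustration, not taken from a real host.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
protocol 2,1
KerberosTgtPassing yes
#AFSTokenPassing yes
AFSTokenPassing no
"""


def parse_sshd_config(text):
    """Return {keyword_lowercase: value}. Keywords are case-insensitive and
    sshd uses the first value it obtains for a keyword, so later repeats lose."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(text):
    s = parse_sshd_config(text)
    # Per the advisory, ticket/token passing is off unless enabled explicitly.
    passing = [k for k in ("kerberostgtpassing", "afstokenpassing")
               if s.get(k, "no").lower() == "yes"]
    # Assumption: an unset Protocol is treated as possibly allowing version 1.
    protocols = [p.strip() for p in s.get("protocol", "2,1").split(",")]
    proto1 = "1" in protocols
    # The advisory's "UsePrivsep" is read here as the sshd_config keyword
    # UsePrivilegeSeparation. Assumption: it counts only when set to "yes".
    privsep = s.get("useprivilegeseparation", "no").lower() == "yes"
    return {"passing_enabled": passing,
            "protocol1": proto1,
            "privsep": privsep,
            # Both advisory conditions visible in the config are met.
            "needs_review": bool(passing) and proto1}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A `needs_review` result of `True` means both config-visible conditions from the advisory hold, so the build options of the installed sshd should be checked next.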