On Mon, 22 Apr 2002, Ben Rosenberg wrote:
* Martin Köhling (mk@lw1.cc-computer.de) [020422 07:46]:
::
::More interesting for me at the moment: is openssh-2.9.9p2, as supplied by
::SuSE on the update server, vulnerable?
No it's not vulnerable. SuSE tends to patch the same version numbered
RPM as not to break deps. The 2.9.9 rpm is full patched and safe.
I *think* you're making a mistake here: this is (apparently) a *new*
bug - SuSE didn't have time to fix anything yet!
As for 3.X being vulnerable..it's 3.0.2 and below..3.1 isn't.
Umm, no; this is from the openssh announcement list (I got it today):
~~~~~~~~~~~~cut~~~~~~~~~~~~~~~~~
From provos@citi.umich.edu Tue Apr 23 11:01:29 2002
Date: Sat, 20 Apr 2002 23:39:31 -0400
From: Niels Provos
Subject: [openssh-unix-announce] OpenSSH Security Advisory (adv.token)
A buffer overflow exists in OpenSSH's sshd if sshd has been compiled
with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
has been enabled in the sshd_config file. Ticket and token passing
is not enabled by default.
1. Systems affected:
All Versions of OpenSSH compiled with AFS/Kerberos support
and ticket/token passing enabled contain a buffer overflow.
Ticket/Token passing is disabled by default and available
only in protocol version 1.
2. Impact:
Remote users may gain privileged access for OpenSSH < 2.9.9
Local users may gain privileged access for OpenSSH < 3.3
No privileged access is possible for OpenSSH with
UsePrivsep enabled.
3. Solution:
Apply the following patch and replace radix.c with
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/radix.c?rev=1.18
4. Credits:
kurt@seifried.org for notifying the OpenSSH team.
http://mantra.freeweb.hu/
~~~~~~~~~~~~cut~~~~~~~~~~~~~~~~~
So I *think* the SuSE version might be safe - not because it's
already patched, but because SuSE didn't compile in Kerberos
support; in addition, according to the advisory, only protocol
version 1 is affected - disabling this might be a good idea anyway.
(No idea what "UsePrivSep" means - some new openssh 3.x feature?)
Cheers
Martin