From tsl@trustix.com Fri Dec 21 12:16:34 2001
From: Trustix Secure Linux Advisor
To: tsl-announce@trustix.org
Cc: bugtraq@securityfocus.com
Date: Thu, 20 Dec 2001 17:47:32 +0100
Subject: TSL-2001-0030 - openssh (updated)

Note to moderator: We had an error in the first packages created. This is
effectively the same advisory as the previous almost identical one, but the
MD5 sums are changed. Sorry.

Erlend

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0030

Package name:      OpenSSH
Severity:          Local root exploit if UseLogin option enabled
Date:              2001-12-19
Affected versions: TSL 1.01, 1.1, 1.2, 1.5
- --------------------------------------------------------------------------

Problem description:
  A malicious local user can pass environment variables to the login
  process if the administrator enables the UseLogin option. This can be
  abused to bypass authentication and gain root access. Note that this
  option is not enabled by default on TSL.

  Updated:
  There was a file conflict in the packages in the original advisory.
  Packages are now fixed, and the MD5 sum is updated.

Action:
  We recommend that all systems with this package installed be upgraded.

Location:
  All TSL updates are available from

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all TSL packages, is signed with the TSL sign key.
  This key is available from:

  The advisory itself is available from the errata pages at
  and
  or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IhSqwRTcg4BxxS0RAjq/AJ4mBvh5PUUnhJ3N1UnotXujGCppoACeI1V1
6TdIChmxh256yrndQzDnaUI=
=0LWF
-----END PGP SIGNATURE-----
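
The advisory says a host is exposed only when the administrator has enabled UseLogin. The following is an added example, not part of the advisory or of OpenSSH, that reports the effective UseLogin setting in an sshd configuration file. It assumes the file path is passed as the first argument, that sshd honours the first occurrence of a keyword, that keywords are case-insensitive, and that an absent keyword means the default (off); the function name `uselogin_state` is hypothetical.

```shell
#!/bin/sh
# Added example: report the effective UseLogin setting of an sshd config file.
# Assumptions (not from the advisory): first occurrence of a keyword wins,
# keywords are case-insensitive, "=" may separate keyword and value, and a
# missing keyword means the built-in default (UseLogin off).

uselogin_state() {
    # Prints "yes", "no", "unknown" or "default"; returns 2 if unreadable.
    [ -r "$1" ] || return 2
    awk '
        {
            sub(/#.*/, "")                     # drop comments
            gsub(/^[ \t]+|[ \t\r]+$/, "")      # trim blanks and CR
            if ($0 == "") next
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # "UseLogin=yes" -> "UseLogin yes"
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "uselogin") {
                v = tolower(f[2])
                gsub(/"/, "", v)               # tolerate a quoted value
                if (v == "yes")      print "yes"
                else if (v == "no")  print "no"
                else                 print "unknown"
                found = 1
                exit                           # later occurrences are ignored
            }
        }
        END { if (!found) print "default" }
    ' "$1"
}

# When run with a path argument, print the state for that file.
[ $# -eq 0 ] || uselogin_state "$1"
```

A result of `yes` means the precondition in the advisory is met and the package update is urgent; `no` or `default` means the option is off on that host.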