From security@sco.com Wed Mar 15 13:03:05 2006 From: SCO Security Advisories To: security-announce@list.sco.com Date: Wed, 15 Mar 2006 09:31:16 -0800 Subject: [Full-disclosure] SCOSA-2006.11 OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities -- Dr. Ronald Joe Record Chief Security Officer SCO rr@sco.com [ Part 2: "Attached Text" ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities Advisory number: SCOSA-2006.11 Issue date: 2006 March 15 Cross reference: fz529677 fz529833 fz532920 fz532977 CVE-2004-0175 CVE-2005-2666 CVE-2005-2797 ______________________________________________________________________________ 1. Problem Description A vulnerability has been reported in the OpenSSH scp utilities. This issue may permit a malicious scp server to corrupt files on a client system when files are copied. SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. Only the first 8 characters of a password are significant in OpenSSH on SCO OpenServer 5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0175, CVE-2005-2666, and CVE-2005-2797 to these issues. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.6 OpenSSH utilities and libraries OpenServer 5.0.7 OpenSSH utilities and libraries 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.6 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar 4.2 Verification MD5 (openssh42p1_vol.tar) = cb92de31f9a0b8dbd3dfd82b19bc1d57 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries See: ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh-4.2p1.txt 5. OpenServer 5.0.7 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar 5.2 Verification MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release and Installation Notes: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797 http://www.securityfocus.com/bid/9986 http://nms.csail.mit.edu/projects/ssh/ http://www.eweek.com/article2/0,1759,1815795,00.asp http://secunia.com/advisories/16686 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents fz529677 fz529833 fz532920 fz532977. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (UnixWare) iD8DBQFEGE2eaqoBO7ipriERAth5AJ9dtCzhv+ySjWmLAnpyzKxxyFeqpgCeNjfn I8/86fBWJWJYKMPkUMSNOXQ= =xy6d -----END PGP SIGNATURE----- [ Part 3: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/