From security@sco.com Wed Mar 15 13:04:18 2006
From: SCO Security Advisories <security@sco.com>
To: security-announce@list.sco.com
Date: Wed, 15 Mar 2006 09:32:27 -0800
Subject: [Full-disclosure] SCOSA-2006.12 OpenServer 6.0.0 : OpenSSH Multiple Vulnerabilities


-- 
Dr. Ronald Joe Record
Chief Security Officer
SCO
rr@sco.com

    [ Part 2: "Attached Text" ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 6.0.0 : OpenSSH Multiple Vulnerabilities
Advisory number: 	SCOSA-2006.12
Issue date: 		2006 March 15
Cross reference:	fz532976
			CVE-2005-2797 CVE-2005-2798
______________________________________________________________________________


1. Problem Description

	Two security issues have been reported in OpenSSH, which can
	be exploited by malicious users to gain escalated privileges
	or bypass certain security restrictions.
	
	An error in handling dynamic port forwardings when no
	listen address is specified, can cause "GatewayPorts" to be
	incorrectly activated.
	
	An error in handling GSSAPI credential delegation can allow
	a user, who did not login using GSSAPI authentication, to be
	delegated with GSSAPI credentials.
	
	Successful exploitation requires that
	"GSSAPIDelegateCredentials" is enabled.
	
	The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the names CVE-2005-2797 and
	CVE-2005-2798 to these issues.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 6.0.0 	OpenSSH utilities and libraries


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 6.0.0

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso


	4.2 Verification

	MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
	and Installation Notes:

	ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
		http://secunia.com/advisories/16686 
		http://www.securityfocus.com/bid/14729

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents fz532976.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)

iD8DBQFEGEZLaqoBO7ipriERAks5AKCW9Cy5Pb6BqWwuAnUd2kxCAO84nQCfTV9k
nvjX8U2vLPNAkIm4Wr+RpPw=
=48M6
-----END PGP SIGNATURE-----

    [ Part 3: "Attached Text" ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/