RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

From: Stephanie Thomas (customer.service@ssh.com)
Date: 07/25/01


From: "Stephanie Thomas" <customer.service@ssh.com>
To: "Vega, Cesar" <cesar.vega@eds.com>, <bugtraq@securityfocus.com>
Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Date: Wed, 25 Jul 2001 13:58:32 -0700
Message-ID: <FNEKKFMHLBAMAHPEHBLMIEAJCAAA.customer.service@ssh.com>

Hi Cesar,

We have not tested SSH Secure Shell 3.0.0 on AIX 4.2.1 for
this vulnerability, so I cannot verify that one.

The HP-UX issue is a little more complex, however.

SSH Secure Shell 3.0.0 has proven vulnerable when running on
HP-UX 10.20 and 11.00 (trusted AND untrusted)
in the following, NON-DEFAULT situation:

- The password field of /etc/passwd is modified to
contain two characters

While this is a situation which does not occur natively in
HP-UX 10.20 or 11.00, we have listed them as affected because
there may be situations where this could occur. One which comes
immediately to mind is the installation of some third-party
software which modifies /etc/passwd . Another is improper
editing of the /etc/passwd - perhaps by someone who is very
familiar with Solaris, for example, and puts 'NP' in the password
field.

All told, we felt it was best to list HP-UX 10.20 and 11.00 as
affected by this vulnerability of SSH Secure Shell 3.0.0
in the face of these possibilities.

Best Regards,

Steph

-----Original Message-----
From: Vega, Cesar [mailto:cesar.vega@eds.com]
Sent: Wednesday, July 25, 2001 1:01 PM
To: Stephanie Thomas; bugtraq@securityfocus.com
Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

Same thing in AIX 4.2.1.0 and HP-UX 10.20/11.00, previously configured as
Trusted System.

Cordial Greetings,

CVC

# -----Original Message-----
# From: Stephanie Thomas [mailto:customer.service@ssh.com]
# Sent: Wednesday, July 25, 2001 11:18 AM
# To: Emre Yildirim; bugtraq@securityfocus.com
# Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#
#
# Hi Emre,
#
# We have tested OpenBSD and NetBSD, and have found
# that they do not experience this vulnerability,
# even with ssh 3.0.0 installed.
#
# This is most likely due to the method used to encrypt the
# password in /etc/passwd or /etc/shadow.
#
# Best Regards,
#
# Steph
#
# -----Original Message-----
# From: Emre Yildirim [mailto:emre@vsrc.uab.edu]
# Sent: Monday, July 23, 2001 5:12 PM
# To: bugtraq@securityfocus.com
# Cc: customer.service@ssh.com
# Subject: RE: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
#
#
#
# > SSH Secure Shell 3.0.0 does not ship with any
# > of the operating systems mentioned, nor does the
# > announcement specify that it does. However, if a
# > user has explicitly installed SSH Secure Shell 3.0.0
# > on any of the listed operating systems, they are
# > vulnerable to this potential exploit.
# >
#
# I don't want to drag this boring thread any longer, but in
# your advisory, it stated that OpenBSD and NetBSD were
# not vulnerable. So...if I install SSH 3.0.0 on one of those
# (even though the already come with openssh), ssh will not
# be vulnerable to this bug? Or will it? I think that part
# created a little confusion.
#
#
# Cheers
#
#
#



Relevant Pages