Security Update: [CSSA-2002-030.0] Linux: OpenSSH Vulnerabilities in Challenge Response Handling

From: security@caldera.com
Date: 06/27/02

• Previous message: NetBSD Security Officer: "NetBSD Security Advisory 2002-005: OpenSSH protocol version 2 challenge-response authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com
From: security@caldera.com
Date: Thu, 27 Jun 2002 11:52:21 -0700

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com

______________________________________________________________________________

                Caldera International, Inc. Security Advisory

Subject: Linux: OpenSSH Vulnerabilities in Challenge Response Handling
Advisory number: CSSA-2002-030.0
Issue date: 2002 June 27
Cross reference:
______________________________________________________________________________

1. Problem Description

        Several vulnerabilities have been reported in OpenSSH if the
        S/KEY or BSD Auth features have been enabled, or if
        PAMAuthenticationViaKbdInt has been enabled.

2. Vulnerable Supported Versions

        System Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server prior to and including openssh-3.2.3p1-2
        OpenLinux 3.1.1 Workstation prior to and including openssh-3.2.3p1-2
        OpenLinux 3.1 Server prior to and including openssh-3.2.3p1-2
        OpenLinux 3.1 Workstation prior to and including openssh-3.2.3p1-2

3. Solution

        Caldera OpenLinux OpenSSH has neither the S/KEY nor BSD Auth
        features compiled in, so it is not vulnerable to the
        Challenge/Response vulnerability.

        We do have the ChallengeResponseAuthentication option on by
        default, however, so to be safe, we recommend that the option
        be disabled (set to no) in the /etc/ssh/sshd_config file.

        In addition, the sshd_config PAMAuthenticationViaKbdInt option
        is disabled by default, so OpenLinux is not vulnerable to the
        other alleged vulnerability in a default configuration,
        either. However, Caldera recommends that this option also be
        disabled (set to no) if it has been enabled by the system
        administrator.

4. References

        Specific references for this advisory:
                http://www.cert.org/advisories/CA-2002-18.html

        Caldera security resources:
                http://www.caldera.com/support/security/index.html

5. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.

______________________________________________________________________________

---

• application/pgp-signature attachment: stored

---

• Previous message: NetBSD Security Officer: "NetBSD Security Advisory 2002-005: OpenSSH protocol version 2 challenge-response authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-06