Date: 05 October 2006
References: ESB-2006.0709
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0732 -- [Debian]
New openssh-krb5 packages fix denial of service and
potential execution of arbitrary code
5 October 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssh-krb5
Publisher: Debian
Operating System: Debian GNU/Linux 3.1
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-5051 CVE-2006-4924
Ref: ESB-2006.0709
Original Bulletin: http://www.debian.org/security/2006/dsa-1189
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1189-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 4th, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : openssh-krb5
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4924 CVE-2006-5051
Several remote vulnerabilities have been discovered in OpenSSH, a free
implementation of the Secure Shell protocol, which may lead to denial of
service and potentially the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-4924
Tavis Ormandy of the Google Security Team discovered a denial of
service vulnerability in the mitigation code against complexity
attacks, which might lead to increased CPU consumption until a
timeout is triggered. This is only exploitable if support for
SSH protocol version 1 is enabled.
CVE-2006-5051
Mark Dowd discovered that insecure signal handler usage could
potentially lead to execution of arbitrary code through a double
free. The Debian Security Team doesn't believe the general openssh
package without Kerberos support to be exploitable by this issue.
However, due to the complexity of the underlying code we will
issue an update to rule out all eventualities.
For the stable distribution (sarge) these problems have been fixed in
version 3.8.1p1-7sarge1.
For the unstable distribution (sid) these problems have been fixed in
version 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards
a transitional package against openssh.
We recommend that you upgrade your openssh-krb5 packages.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.dsc
Size/MD5 checksum: 693 d0a8ac5b868c5f84fd372c9ef597f3a6
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.diff.gz
Size/MD5 checksum: 167076 1fcdbc92c7a0992711b2dc67b9923ba7
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1.orig.tar.gz
Size/MD5 checksum: 795948 9ce6f2fa5b2931ce2c4c25f3af9ad50d
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_alpha.deb
Size/MD5 checksum: 909896 44611f5a619acf0bccdeb366d76f39c5
AMD64 architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_amd64.deb
Size/MD5 checksum: 773658 dc8335560cead18af3fa4eb52911af92
ARM architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_arm.deb
Size/MD5 checksum: 689752 18e79d4e27c0ec313147e0951ef6082a
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_hppa.deb
Size/MD5 checksum: 780142 5e692daa057c38f1fa1f0f877824e991
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_i386.deb
Size/MD5 checksum: 706910 a4eda3cc320f77d2dc1065976086c31f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_ia64.deb
Size/MD5 checksum: 1004916 91f89e80f1a27f942bd5fe9e7ae2ba3e
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_m68k.deb
Size/MD5 checksum: 651232 8f41b159434ef7bf3187cd4954e816cc
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mips.deb
Size/MD5 checksum: 790716 cbc586aa73bcf295cd61f1c09e8015d8
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mipsel.deb
Size/MD5 checksum: 793644 3364603438fceb21bffdd3efb4887e0e
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_powerpc.deb
Size/MD5 checksum: 757954 ddb9cbba0e84f84da8e60fcbcbaddbae
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_s390.deb
Size/MD5 checksum: 771520 2148d40fa59dc98b94ac6a03ed2c444f
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_sparc.deb
Size/MD5 checksum: 694800 9c059e2e4ba232774a522da0a2757f06
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFJAvbXm3vHE4uyloRAmqoAKChy0vZr6GVMubikUiysDHN7npstQCdF3dp
EYGwpqy2OkwF4WxfJwJX3zs=
=SWgg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRSSH0Ch9+71yA2DNAQJlQwP/Wtiy0giCymL3ksyy7X2ueryKhAarEGQ1
v7RgXcXzVRQ8tjMNrEqylTJajdEC8DVS8AMXzeh6A+M40gPXBTN2wZ2j8fecXtZo
y/SoBCJiY+xjbGV9x6uxaQHs8mKfpptAwtDrZHsBir7OVhpngbbbvH5BWG3IirSk
q4/S3K5nouk=
=SUYi
-----END PGP SIGNATURE-----
|