Date: 29 March 2001
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.129 -- RHSA-2001:033-04
Updated openssh packages available
29 March 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssh
Vendor: Red Hat
Operating System: Red Hat Linux 7.0
Platform: alpha
i386
Impact: Access Confidential Data
Access Required: Remote
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated openssh packages available
Advisory ID: RHSA-2001:033-04
Issue date: 2001-03-23
Updated on: 2001-03-27
Product: Red Hat Linux
Keywords: openssh passive analysis
Cross references:
Obsoletes: RHBA-2000-076 RHSA-2000-111
- ---------------------------------------------------------------------
1. Topic:
Updated openssh packages are now available for Red Hat Linux 7. These
packages reduce the amount of information a passive attacker can deduce
from observing an encrypted session.
2. Relevant releases/architectures:
Red Hat Linux 7.0 - alpha, i386
3. Problem description:
Weaknesses in the SSH protocols can be used by a passive attacker to deduce
information about passwords entered over an encrypted connection. This
information can be used to reduce the number of possible solutions which
need to be tested to perform a brute-force attack. This reduces the amount
of time and resources required to mount such an attack successfully.
OpenSSH 2.5.1 and 2.5.2 include modifications which, while not completely
resolving this problem, reduce the risks by changing certain server
behaviors to make passive analysis more difficult.
4. Solution:
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directly *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
30293 - Where is sftp?
32977 - ssh unable to connect to certain servers using v2
6. RPMs required:
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/SRPMS/openssh-2.5.2p2-1.7.src.rpm
alpha:
ftp://updates.redhat.com/7.0/alpha/openssh-2.5.2p2-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/openssh-askpass-2.5.2p2-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/openssh-askpass-gnome-2.5.2p2-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/openssh-clients-2.5.2p2-1.7.alpha.rpm
ftp://updates.redhat.com/7.0/alpha/openssh-server-2.5.2p2-1.7.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/i386/openssh-2.5.2p2-1.7.i386.rpm
ftp://updates.redhat.com/7.0/i386/openssh-askpass-2.5.2p2-1.7.i386.rpm
ftp://updates.redhat.com/7.0/i386/openssh-askpass-gnome-2.5.2p2-1.7.i386.rpm
ftp://updates.redhat.com/7.0/i386/openssh-clients-2.5.2p2-1.7.i386.rpm
ftp://updates.redhat.com/7.0/i386/openssh-server-2.5.2p2-1.7.i386.rpm
7. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
2249d15ecdca22482c03e8059dd8b31d 7.0/SRPMS/openssh-2.5.2p2-1.7.src.rpm
2c1705e525c6f07d611520374ddfe451 7.0/alpha/openssh-2.5.2p2-1.7.alpha.rpm
da69ea875b494a81b91caa65bad4b3b0 7.0/alpha/openssh-askpass-2.5.2p2-1.7.alpha.rpm
52f445b91c77c4aa1e63624aaca56a2a 7.0/alpha/openssh-askpass-gnome-2.5.2p2-1.7.alpha.rpm
997f39e0755a36d7633e6ddbde8b5e5d 7.0/alpha/openssh-clients-2.5.2p2-1.7.alpha.rpm
df2d8919c4c2ff8b0a57a4826c20e764 7.0/alpha/openssh-server-2.5.2p2-1.7.alpha.rpm
59fe7436fb6736b7948bfaec706c5628 7.0/i386/openssh-2.5.2p2-1.7.i386.rpm
f80b1952bd5caf65d0e724a26b421635 7.0/i386/openssh-askpass-2.5.2p2-1.7.i386.rpm
04723384928efd09e4f96ef142409135 7.0/i386/openssh-askpass-gnome-2.5.2p2-1.7.i386.rpm
8e387b44bd433e71c1caecb899a680f4 7.0/i386/openssh-clients-2.5.2p2-1.7.i386.rpm
99a219f6c0708203f4982a4998b4e401 7.0/i386/openssh-server-2.5.2p2-1.7.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98525792903526&w=2
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98527416918430&w=2
Copyright(c) 2000, 2001 Red Hat, Inc.
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOsNSxih9+71yA2DNAQFVxQQAmo+qjn62+Ykx3NpgITmqF9tmRSue293a
rGXkHq4+cIMglmhVEvmtvceiIgYoNZZZmSfMf+dW4okNSkLXs0OzyR31AGAZDmPJ
JzZLhtaI3p8khUAgn0dkDsuOuPhVEl10yyPu+R2HhIL16qYC89Zs/TYLOJfjNSNl
O1ZL28rLg1U=
=JnfJ
-----END PGP SIGNATURE-----
|