-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

            ESB-2002.313 -- Debian Security Advisory DSA-134-4
                  OpenSSH Remote Challenge Vulnerability
                               28 June 2002

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                OpenSSH
Vendor:                 Debian
Operating System:       Debian GNU/Linux 2.2 alias potato
                        Debian GNU/Linux 3.0 alias woody
Impact:                 Execute Arbitrary Code/Commands
Access Required:        Remote

Ref:                    AL-2002.05
                        AA-2002.05
                        ESB-2002.303
                        ESB-2002.306

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-134-4                   security@debian.org
http://www.debian.org/security/                            Michael Stone
June 27, 2002
- - ------------------------------------------------------------------------

Package        : ssh
Problem type   : remote exploit
Debian-specific: no
CERT advisory  : CA-2002-18

This advisory is an update to DSA-134-3: this advisory contains
updated information that is relevant to all Debian installations of
OpenSSH (the ssh package). DSA-134-4 supersedes previous versions of
DSA-134.

ISS X-Force released an advisory about an OpenSSH "Remote Challenge
Vulnerability". Unfortunately, the advisory was incorrect on some
points, leading to widespread confusion about the impact of this
vulnerability. No version of OpenSSH in Debian is affected by the
SKEY and BSD_AUTH authentication methods described in the ISS
advisory. However, Debian does include OpenSSH servers with the PAM
feature described as vulnerable in the later advisory by the OpenSSH
team. (This vulnerable feature is authentication using PAM via the
keyboard-interactive mechanism [kbdint].) This vulnerability affects
OpenSSH versions 2.3.1 through 3.3. No exploit is currently known for
the PAM/kbdint vulnerability, but the details are publicly known. All
of these vulnerabilities were corrected in OpenSSH 3.4.

In addition to the vulnerability fixes outlined above, our OpenSSH
packages version 3.3 and higher support the new privilege separation
feature from Niels Provos, which changes ssh to use a separate
non-privileged process to handle most of the work. Vulnerabilities in
the unprivileged parts of OpenSSH will lead to compromise of an
unprivileged account restricted to an empty chroot, rather than a
direct root compromise. Privilege separation should help to mitigate
the risks of any future OpenSSH compromise.

Debian 2.2 (potato) shipped with an ssh package based on OpenSSH
1.2.3, and is not vulnerable to the vulnerabilities covered by this
advisory. Users still running a version 1.2.3 ssh package do not have
an immediate need to upgrade to OpenSSH 3.4. Users who upgraded to the
OpenSSH version 3.3 packages released in previous iterations of
DSA-134 should upgrade to the new version 3.4 OpenSSH packages, as the
version 3.3 packages are vulnerable. We suggest that users running
OpenSSH 1.2.3 consider a move to OpenSSH 3.4 to take advantage of the
privilege separation feature. (Though, again, we have no specific
knowledge of any vulnerability in OpenSSH 1.2.3. Please carefully read
the caveats listed below before upgrading from OpenSSH 1.2.3.) We
recommend that any users running a back-ported version of OpenSSH
version 2.0 or higher on potato move to OpenSSH 3.4.

The current pre-release version of Debian (woody) includes an OpenSSH
version 3.0.2p1 package (ssh), which is vulnerable to the PAM/kbdint
problem described above. We recommend that users upgrade to OpenSSH
3.4 and enable privilege separation. Please carefully read the release
notes below before upgrading. Updated packages for ssh-krb5 (an
OpenSSH package supporting kerberos authentication) are currently
being developed. Users who cannot currently upgrade their OpenSSH
packages may work around the known vulnerabilities by disabling the
vulnerable features: make sure the following lines are uncommented and
present in /etc/ssh/sshd_config and restart ssh:
  PAMAuthenticationViaKbdInt no
  ChallengeResponseAuthentication no
There should be no other PAMAuthenticationViaKbdInt or
ChallengeResponseAuthentication entries in sshd_config.
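The check a practitioner wants after applying that workaround, as an added example that is not part of the advisory: a POSIX sh script that audits an sshd_config and reports whether each of the two keywords appears exactly once uncommented with the value `no`. It goes slightly beyond the text in that it treats keywords case-insensitively and accepts both the `Keyword value` and `Keyword=value` spellings that sshd accepts. It assumes awk, mktemp and a config path passed as an argument; the sample configs in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Audit an sshd_config for the DSA-134-4 workaround:
#   PAMAuthenticationViaKbdInt no
#   ChallengeResponseAuthentication no
# each present exactly once as an uncommented directive.

active_values() {
    # $1 = config file, $2 = keyword. Prints the value of every uncommented
    # occurrence, one per line, lowercased. Keywords are case-insensitive and
    # sshd accepts both "Keyword value" and "Keyword=value".
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        { gsub(/=/, " ") }                      # normalise Keyword=value
        NF >= 2 && tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

check_directive() {
    # $1 = config file, $2 = keyword, $3 = required value.
    # Returns 0 only if the keyword occurs exactly once with that value.
    vals=$(active_values "$1" "$2")
    if [ -z "$vals" ]; then
        count=0
    else
        count=$(printf '%s\n' "$vals" | wc -l | tr -d ' ')
    fi
    if [ "$count" -eq 0 ]; then
        echo "MISSING:   $2 is not set, so the sshd default applies"
        return 1
    elif [ "$count" -gt 1 ]; then
        echo "DUPLICATE: $2 occurs $count times; sshd honours the first, remove the rest"
        return 1
    elif [ "$vals" != "$3" ]; then
        echo "WRONG:     $2 is '$vals', expected '$3'"
        return 1
    fi
    echo "OK:        $2 $3"
    return 0
}

audit_sshd_config() {
    # $1 = path to sshd_config. Returns 0 only if the workaround is fully in place.
    rc=0
    check_directive "$1" PAMAuthenticationViaKbdInt no || rc=1
    check_directive "$1" ChallengeResponseAuthentication no || rc=1
    return $rc
}

demo() {
    # Constructed sample configs, not taken from any real host.
    dir=$(mktemp -d)
    printf '%s\n' '# hardened per DSA-134-4' \
        'PAMAuthenticationViaKbdInt no' \
        'ChallengeResponseAuthentication no' > "$dir/good"
    printf '%s\n' 'PAMAuthenticationViaKbdInt no' \
        '#ChallengeResponseAuthentication no' \
        'ChallengeResponseAuthentication yes' \
        'ChallengeResponseAuthentication no' > "$dir/bad"
    for f in good bad; do
        echo "== $f"
        audit_sshd_config "$dir/$f"
    done
    rm -rf "$dir"
}

if [ "${1-}" = "demo" ]; then
    demo
fi
```

Run it as `sh audit_sshd.sh demo` to see both outcomes, or call `audit_sshd_config /etc/ssh/sshd_config` after editing. The duplicate check matters because sshd keeps the first value it reads for a keyword: a stray `ChallengeResponseAuthentication yes` earlier in the file silently defeats a `no` added at the end, which is exactly why the advisory says there should be no other entries.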

That concludes the vulnerability section of this advisory. What
follows are release notes related to the OpenSSH 3.4 package and the
privilege separation feature. URLs for the OpenSSH 3.4 packages are at
the bottom.

Some notes on possible issues associated with this upgrade:

* This package introduces a new account called `sshd' that is used in
  the privilege separation code. If no sshd account exists the package
  will try to create one. If the account already exists it will be
  re-used. If you do not want this to happen you will have to fix this
  manually.

* (relevant for potato only) This update adds a back-port of version
  0.9.6c of the SSL library. This means you will have to upgrade the
  libssl0.9.6 package as well.

* (relevant for potato only) This update uses version 2 of the SSH
  protocol by default (even if configured to support version 1 of the
  SSH protocol). This can break existing setups where RSA
  authentication is used. You will either have to
    - add -1 to the ssh invocation to keep using SSH protocol 1 and
      your existing keys, or
    - change the Protocol line in /etc/ssh/ssh_config and/or
      /etc/ssh/sshd_config to "Protocol 1,2" to try protocol 1 before
      protocol 2, or
    - create new rsa or dsa keys for SSH protocol 2

* sshd defaults to enabling privilege separation, even if you do not
  explicitly enable it in /etc/ssh/sshd_config

* ssh fall-back to rsh is no longer available.

* (relevant for potato only) Privilege separation does not currently
  work with Linux 2.0 kernels.

* Privilege separation does not currently work with PAM authentication
  via the KeyboardInteractive mechanism

* Privilege separation causes some PAM modules which expect to run
  with root privileges to fail.

* If you are unable to use privilege separation at this time due to
  one of the issues described above, you can disable it by adding
  "UsePrivilegeSeparation no" to your /etc/ssh/sshd_config.

Some issues from previous OpenSSH 3.3p1 packages corrected in this
advisory (not a complete change log):

* (relevant for potato only) the installation question, "do you want
  to allow protocol 2 only", no longer defaults to "yes" for the potato
  packages. Users who answered yes to this question and also chose to
  regenerate their sshd_config file found that they could no longer
  connect to their server via protocol 1. See
  /usr/doc/ssh/README.Debian for instructions on how to enable
  protocol 1 if caught in this situation. Since the default in the
  potato packages is now "no", this should not be an issue for people
  upgrading from version 1.2.3 in the future.

* (relevant for potato only) the ssh package no longer conflicts with
  rsh-server, nor does it provide an rsh alternative

* installation will no longer fail if users choose to generate
  protocol 1 keys

Again, we regret having to release packages with larger changes and
less testing than is our usual practice; given the potential severity
and non-specific nature of the original threat we decided that our
users were best served by having packages available for evaluation as
quickly as possible. We will send additional information as it comes
to us, and will continue to work on the outstanding issues.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
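The fetch-and-install steps above, with the check a practitioner would want between them: comparing the downloaded file's size and MD5 against the "Size/MD5 checksum" line printed for that package, and only then handing it to dpkg -i. This is an added example, not part of the advisory or the Debian packaging; it assumes POSIX sh, wget, and md5sum (falling back to BSD md5). The commented usage line copies the values for the woody i386 ssh package from the list in this advisory.

```shell
#!/bin/sh
# Verify a downloaded .deb against the size and MD5 printed in the advisory
# before installing it.

md5_of() {
    # Print the hex MD5 of file $1 using whichever tool the host provides.
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"          # BSD/macOS
    fi
}

verify_deb() {
    # $1 = file, $2 = expected size in bytes, $3 = expected MD5 hex digest,
    # both copied from the advisory's "Size/MD5 checksum" line.
    # Returns 0 only when both match.
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5_of "$file")
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $have_size, expected $want_size"
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "MD5 mismatch for $file: got $have_md5, expected $want_md5"
        return 1
    fi
    echo "verified: $file ($have_size bytes, md5 $have_md5)"
    return 0
}

fetch_and_install() {
    # $1 = URL, $2 = expected size, $3 = expected MD5.
    # Downloads into the current directory and runs dpkg -i only if
    # verification passes; a mismatched file is left on disk for inspection.
    deb=$(basename "$1")
    wget -q "$1" || { echo "download failed: $1"; return 1; }
    verify_deb "$deb" "$2" "$3" || { echo "refusing to install $deb"; return 1; }
    dpkg -i "$deb"
}

# Usage, with the values listed in this advisory for the woody i386 ssh package:
# fetch_and_install \
#   http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_i386.deb \
#   641268 9964e6000e78aa9fb68d5633becc1b84
```

The checksums are covered by the advisory's PGP signature, so checking that signature first is what gives the comparison its value; a checksum obtained over the same unauthenticated channel as the package would prove nothing.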


Debian GNU/Linux 2.2 alias potato
- - ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
      Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.dsc
      Size/MD5 checksum:      871 dd0f18d576520cb7110f5791bce67708
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.diff.gz
      Size/MD5 checksum:    33706 ff798880b0835dcc77e42a2b9a075148
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
      Size/MD5 checksum:  2153980 c8261d93317635d56df55650c6aeb3dc
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.diff.gz
      Size/MD5 checksum:    37925 718ffc86669ae06b22d77c659400f4e8
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.dsc
      Size/MD5 checksum:      784 b197de235e0d10f7bb66b4751808a033

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.1_all.deb
      Size/MD5 checksum:      976 6b39f5a320b1c8bdbba05e2c8b041b70

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_alpha.deb
      Size/MD5 checksum:    34968 3e1792f1e5746c5ba7db3e025df60cbe
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_alpha.deb
      Size/MD5 checksum:   865634 52934fd0175f560735a9a4664363791a
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_alpha.deb
      Size/MD5 checksum:   589696 f0263fe6848b8bd09ad07a370ed6310a
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_alpha.deb
      Size/MD5 checksum:   746344 5a06b3db8f6eabf063c3099cb539ffe9
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_alpha.deb
      Size/MD5 checksum:  1548926 377068d478722db72c2fe52f3c23312b

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_arm.deb
      Size/MD5 checksum:    34202 ee81aaf2953dc0524878e906ff47a3f2
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_arm.deb
      Size/MD5 checksum:   664270 a61eb2a3cac706dcc6e6985bf7cf7817
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_arm.deb
      Size/MD5 checksum:   468106 c1dc499d7a06db8e831906f942d1192e
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_arm.deb
      Size/MD5 checksum:  1348440 7fb0b6f32b6eb2dfc78391a302bd0e02
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_arm.deb
      Size/MD5 checksum:   728932 0a9872153979c364d41208082c80772d

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_i386.deb
      Size/MD5 checksum:   642966 b782a41d2d37003242835772cfc24c88
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_i386.deb
      Size/MD5 checksum:    34500 ecb44504ec7c8f6470162f74d62b278f
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_i386.deb
      Size/MD5 checksum:  1290006 362451bafdf4fe2104e54a0336893519
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_i386.deb
      Size/MD5 checksum:   461994 a1c785ce6982b9031410362f124d873a
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_i386.deb
      Size/MD5 checksum:   730338 747306c7e4ef0b767cb2985b74047b05

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_m68k.deb
      Size/MD5 checksum:   613530 fc862c3af90dffffc6c242e035a75f3f
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_m68k.deb
      Size/MD5 checksum:    34394 5c0cdae07253816a06e38b62072a9fff

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_powerpc.deb
      Size/MD5 checksum:   683270 33c05eb5d85edf818f5debf7e70d7f13
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_powerpc.deb
      Size/MD5 checksum:    34200 50f02ba4453b05c82f4921649b900d95
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_powerpc.deb
      Size/MD5 checksum:   726602 93f47a77404ad9164565aac7ff901e43
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_powerpc.deb
      Size/MD5 checksum:  1384596 ff8ce54bc5fa3e0913ad1f359c36161b
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_powerpc.deb
      Size/MD5 checksum:   502776 a09451aa914242e199eb8e5de529ec26

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_sparc.deb
      Size/MD5 checksum:   690020 0d1648eaa5decb1b9dc179b3b139b2e4
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_sparc.deb
      Size/MD5 checksum:    37052 d9e57346084641ee6ed13803e5758872
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_sparc.deb
      Size/MD5 checksum:  1338558 812adef25bd5abab26c47451dde84ba8
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_sparc.deb
      Size/MD5 checksum:   482712 d821248f15cc4e1fa6574e4cdfdf02e0
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_sparc.deb
      Size/MD5 checksum:   738056 d27a607775a80eb4aba24d29b35fe6ff


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
  mipsel, powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
      Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.dsc
      Size/MD5 checksum:      815 2b3e82272d126f8f722a940f43d7f8a0
    http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.diff.gz
      Size/MD5 checksum:    34048 6363fd68a6404a2af641bb07f46d2ba6

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_alpha.deb
      Size/MD5 checksum:    35384 2e675e8257987714e031e985b01ca676
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_alpha.deb
      Size/MD5 checksum:   848660 e7d6c59e3536e5c41962002c3e442a2c


  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_arm.deb
      Size/MD5 checksum:    34618 30e270a4276f09edc4cfdeba2d6393e0
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_arm.deb
      Size/MD5 checksum:   656864 04c71d6586dfd977f9adaa9c2b5da94a

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_hppa.deb
      Size/MD5 checksum:    34978 b558d6f79876fb65f63c46b8cf60bb7c
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_hppa.deb
      Size/MD5 checksum:   754418 f471dedc5599abd8f2c8bbce7f4761e8

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_i386.deb
      Size/MD5 checksum:   641268 9964e6000e78aa9fb68d5633becc1b84
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_i386.deb
      Size/MD5 checksum:    34888 4c50455ef97e38c30c43a5eb5f32dfe9

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_ia64.deb
      Size/MD5 checksum:    36392 7978c2995bb7985dbb7c854f0417b4e0
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_ia64.deb
      Size/MD5 checksum:  1001450 5d7e38d2631a5a249edfbbb7c3b810cd

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_m68k.deb
      Size/MD5 checksum:   611224 6233339888e254a469a38b277a35f2b7
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_m68k.deb
      Size/MD5 checksum:    34920 790fd8ba665277d21d54c8a443950fbe

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mips.deb
      Size/MD5 checksum:    34900 2600da5dc8ea7d339afe25f7c2a66c65
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mips.deb
      Size/MD5 checksum:   728584 d12098d0b37c7ac0110cf730148b6dcb

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mipsel.deb
      Size/MD5 checksum:    34870 3cba136ff66798c32763a986480565db
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mipsel.deb
      Size/MD5 checksum:   726062 b1a4e99482e493e88ec648b4046d543f

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_powerpc.deb
      Size/MD5 checksum:   680140 4b5285ea717b81e6e6c41e2139b3d5d2
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_powerpc.deb
      Size/MD5 checksum:    34630 697a13bc303bf3f6dec83a334a34b1ab

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_s390.deb
      Size/MD5 checksum:    35248 ece9e2298f59df19af4212820e768556
    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_s390.deb
      Size/MD5 checksum:   669320 b87c69c0f4a273f80165774057d83ffe

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_sparc.deb
      Size/MD5 checksum:   684810 54999fa878b73b1915b7f536ef4f1ab5
    http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_sparc.deb
      Size/MD5 checksum:    34686 d50d3087a60ff6bf9676bfa41e12f0cd

- - -- 
- - ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQCVAwUBPRsJJw0hVr09l8FJAQEpkwP/f8TCf1QU3VM0o6kwiGREUN7UHbYiGU3s
Vsw5732UeQVv0X4wZcgV9remrclP26cdkIm6a9OxkljXCzx0OZWDyhtD0HbEjjvl
3CHj1zkjul2JLc1LlJFVKDN8JGuv96xNSaUYzeIRYjSPuweSGcsCiC7pdKSHwGDi
MF5kDePCmmQ=
=8M4/
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for member emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBPRx63yh9+71yA2DNAQHbeAP/V9jaUmQPizD44QjvSpKodnP4TJ9R+7eF
uhffjHvJOA5cT8totDVh71gsSlYT2G2LDhj0t8Zm+FDRdQOKlxbK6/4fHFPmknxR
E4FH5FFf4mhdeoM/nXLoXowrLAiZu1rk1zXk29S4BSlTTKQm3m3LLHCM45c94XSO
ZDwRHuAl5Qg=
=de2G
-----END PGP SIGNATURE-----