[SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability
Date: Thu, 27 Jun 2002 14:50:54 +0200
From: Michael Stone <[email protected]>
To: [email protected]
Subject: [SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
- ------------------------------------------------------------------------
Debian Security Advisory DSA-134-4 [email protected]
http://www.debian.org/security/ Michael Stone
June 27, 2002
- ------------------------------------------------------------------------
Package : ssh
Problem type : remote exploit
Debian-specific: no
CERT advisory : CA-2002-18
This advisory is an update to DSA-134-3: this advisory contains
updated information that is relevant to all Debian installations of
OpenSSH (the ssh package). DSA-134-4 supersedes previous versions of
DSA-134.
ISS X-Force released an advisory about an OpenSSH "Remote Challenge
Vulnerability". Unfortunately, the advisory was incorrect on some
points, leading to widespread confusion about the impact of this
vulnerability. No version of OpenSSH in Debian is affected by the
SKEY and BSD_AUTH authentication methods described in the ISS
advisory. However, Debian does include OpenSSH servers with the PAM
feature described as vulnerable in the later advisory by the OpenSSH
team. (This vulnerable feature is authentication using PAM via the
keyboard-interactive mechanism [kbdint].) This vulnerability affects
OpenSSH versions 2.3.1 through 3.3. No exploit is currently known for
the PAM/kbdint vulnerability, but the details are publicly known. All
of these vulnerabilities were corrected in OpenSSH 3.4.
In addition to the vulnerabilities fixes outlined above, our OpenSSH
packages version 3.3 and higher support the new privilege separation
feature from Niels Provos, which changes ssh to use a separate
non-privileged process to handle most of the work. Vulnerabilities in
the unprivileged parts of OpenSSH will lead to compromise of an
unprivileged account restricted to an empty chroot, rather than a
direct root compromise. Privilege separation should help to mitigate
the risks of any future OpenSSH compromise.
Debian 2.2 (potato) shipped with an ssh package based on OpenSSH
1.2.3, and is not vulnerable to the vulnerabilities covered by this
advisory. Users still running a version 1.2.3 ssh package do not have
an immediate need to upgrade to OpenSSH 3.4. Users who upgraded to the
OpenSSH version 3.3 packages released in previous iterations of
DSA-134 should upgrade to the new version 3.4 OpenSSH packages, as the
version 3.3 packages are vulnerable. We suggest that users running
OpenSSH 1.2.3 consider a move to OpenSSH 3.4 to take advantage of the
privilege separation feature. (Though, again, we have no specific
knowledge of any vulnerability in OpenSSH 1.2.3. Please carefully read
the caveats listed below before upgrading from OpenSSH 1.2.3.) We
recommend that any users running a back-ported version of OpenSSH
version 2.0 or higher on potato move to OpenSSH 3.4.
The current pre-release version of Debian (woody) includes an OpenSSH
version 3.0.2p1 package (ssh), which is vulnerable to the PAM/kbdint
problem described above. We recommend that users upgrade to OpenSSH
3.4 and enable privilege separation. Please carefully read the release
notes below before upgrading. Updated packages for ssh-krb5 (an
OpenSSH package supporting kerberos authentication) are currently
being developed. Users who cannot currently upgrade their OpenSSH
packages may work around the known vulnerabilities by disabling the
vulnerable features: make sure the following lines are uncommented and
present in /etc/ssh/sshd_config and restart ssh
PAMAuthenticationViaKbdInt no
ChallengeResponseAuthentication no
There should be no other PAMAuthenticationViaKbdInt or
ChallengeResponseAuthentication entries in sshd_config.
That concludes the vulnerability section of this advisory. What
follows are release notes related to the OpenSSH 3.4 package and the
privilege separation feature. URLs for the OpenSSH 3.4 packages are at
the bottom.
Some notes on possible issues associated with this upgrade:
* This package introduce a new account called `sshd' that is used in
the privilege separation code. If no sshd account exists the package
will try to create one. If the account already exists it will be
re-used. If you do not want this to happen you will have to fix this
manually.
* (relevant for potato only) This update adds a back-port of version
0.9.6c of the SSL library. This means you will have to upgrade the
libssl0.9.6 package as well.
* (relevant for potato only) This update uses version 2 of the SSH
protocol by default (even if configured to support version 1 of the
SSH protocol) This can break existing setups where RSA
authentication is used. You will either have to
- add -1 to the ssh invocation to keep using SSH protocol 1 and
your existing keys, or
- change the Protocol line in /etc/ssh/ssh_config and/or
/etc/ssh/sshd_config to "Protocol 1,2" to try protocol 1 before
protocol 2, or
- create new rsa or dsa keys for SSH protocol 2
* sshd defaults to enabling privilege separation, even if you do not
explicitly enable it in /etc/ssh/sshd_config
* ssh fall-back to rsh is no longer available.
* (relevant for potato only) Privilege separation does not currently
work with Linux 2.0 kernels.
* Privilege separation does not currently work with PAM authentication
via the KeyboardInteractive mechanism
* Privilege separation causes some PAM modules which expect to run
with root privileges to fail.
* If you are unable to use privilege separation at this time due to
one of the issues describe above, you can disable it by adding
"UsePrivilegeSeparation no" to your /etc/ssh/sshd_config
Some issues from previous OpenSSH 3.3p1 packages corrected in this
advisory (not a complete change log):
* (relevant for potato only) the installation question, "[do you want
to allow protocol 2 only" no longer defaults to "yes" for the potato
packages. Users who answered yes to this question and also chose to
regenerate their sshd_config file found that they could no longer
connect to their server via protocol 1. See
/usr/doc/ssh/README.Debian for instructions on how to enable
protocol 1 if caught in this situation. Since the default in the
potato packages is now "no", this should not be an issue for people
upgrading from version 1.2.3 in the future
* (relevant for potato only) the ssh package no longer conflicts with
rsh-server, nor does it provide an rsh alternative
* installation will no longer fail if users choose to generate
protocol 1 keys
Again, we regret having to release packages with larger changes and
less testing than is our usual practice; given the potential severity
and non-specific nature of the original threat we decided that our
users were best served by having packages available for evaluation as
quickly as possible. We will send additional information as it comes
to us, and will continue to work on the outstanding issues.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc
Source archives:
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
Size/MD5 checksum: 837668 459c1d0262e939d6432f193c7a4ba8a8
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.dsc
Size/MD5 checksum: 871 dd0f18d576520cb7110f5791bce67708
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.diff.gz
Size/MD5 checksum: 33706 ff798880b0835dcc77e42a2b9a075148
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.diff.gz
Size/MD5 checksum: 37925 718ffc86669ae06b22d77c659400f4e8
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.dsc
Size/MD5 checksum: 784 b197de235e0d10f7bb66b4751808a033
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.1_all.deb
Size/MD5 checksum: 976 6b39f5a320b1c8bdbba05e2c8b041b70
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_alpha.deb
Size/MD5 checksum: 34968 3e1792f1e5746c5ba7db3e025df60cbe
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_alpha.deb
Size/MD5 checksum: 865634 52934fd0175f560735a9a4664363791a
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_alpha.deb
Size/MD5 checksum: 589696 f0263fe6848b8bd09ad07a370ed6310a
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_alpha.deb
Size/MD5 checksum: 746344 5a06b3db8f6eabf063c3099cb539ffe9
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_alpha.deb
Size/MD5 checksum: 1548926 377068d478722db72c2fe52f3c23312b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_arm.deb
Size/MD5 checksum: 34202 ee81aaf2953dc0524878e906ff47a3f2
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_arm.deb
Size/MD5 checksum: 664270 a61eb2a3cac706dcc6e6985bf7cf7817
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_arm.deb
Size/MD5 checksum: 468106 c1dc499d7a06db8e831906f942d1192e
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_arm.deb
Size/MD5 checksum: 1348440 7fb0b6f32b6eb2dfc78391a302bd0e02
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_arm.deb
Size/MD5 checksum: 728932 0a9872153979c364d41208082c80772d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_i386.deb
Size/MD5 checksum: 642966 b782a41d2d37003242835772cfc24c88
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_i386.deb
Size/MD5 checksum: 34500 ecb44504ec7c8f6470162f74d62b278f
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_i386.deb
Size/MD5 checksum: 1290006 362451bafdf4fe2104e54a0336893519
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_i386.deb
Size/MD5 checksum: 461994 a1c785ce6982b9031410362f124d873a
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_i386.deb
Size/MD5 checksum: 730338 747306c7e4ef0b767cb2985b74047b05
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_m68k.deb
Size/MD5 checksum: 613530 fc862c3af90dffffc6c242e035a75f3f
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_m68k.deb
Size/MD5 checksum: 34394 5c0cdae07253816a06e38b62072a9fff
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_powerpc.deb
Size/MD5 checksum: 683270 33c05eb5d85edf818f5debf7e70d7f13
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_powerpc.deb
Size/MD5 checksum: 34200 50f02ba4453b05c82f4921649b900d95
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_powerpc.deb
Size/MD5 checksum: 726602 93f47a77404ad9164565aac7ff901e43
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_powerpc.deb
Size/MD5 checksum: 1384596 ff8ce54bc5fa3e0913ad1f359c36161b
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_powerpc.deb
Size/MD5 checksum: 502776 a09451aa914242e199eb8e5de529ec26
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_sparc.deb
Size/MD5 checksum: 690020 0d1648eaa5decb1b9dc179b3b139b2e4
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_sparc.deb
Size/MD5 checksum: 37052 d9e57346084641ee6ed13803e5758872
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_sparc.deb
Size/MD5 checksum: 1338558 812adef25bd5abab26c47451dde84ba8
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_sparc.deb
Size/MD5 checksum: 482712 d821248f15cc4e1fa6574e4cdfdf02e0
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_sparc.deb
Size/MD5 checksum: 738056 d27a607775a80eb4aba24d29b35fe6ff
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
Size/MD5 checksum: 837668 459c1d0262e939d6432f193c7a4ba8a8
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.dsc
Size/MD5 checksum: 815 2b3e82272d126f8f722a940f43d7f8a0
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.diff.gz
Size/MD5 checksum: 34048 6363fd68a6404a2af641bb07f46d2ba6
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_alpha.deb
Size/MD5 checksum: 35384 2e675e8257987714e031e985b01ca676
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_alpha.deb
Size/MD5 checksum: 848660 e7d6c59e3536e5c41962002c3e442a2c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_arm.deb
Size/MD5 checksum: 34618 30e270a4276f09edc4cfdeba2d6393e0
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_arm.deb
Size/MD5 checksum: 656864 04c71d6586dfd977f9adaa9c2b5da94a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_hppa.deb
Size/MD5 checksum: 34978 b558d6f79876fb65f63c46b8cf60bb7c
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_hppa.deb
Size/MD5 checksum: 754418 f471dedc5599abd8f2c8bbce7f4761e8
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_i386.deb
Size/MD5 checksum: 641268 9964e6000e78aa9fb68d5633becc1b84
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_i386.deb
Size/MD5 checksum: 34888 4c50455ef97e38c30c43a5eb5f32dfe9
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_ia64.deb
Size/MD5 checksum: 36392 7978c2995bb7985dbb7c854f0417b4e0
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_ia64.deb
Size/MD5 checksum: 1001450 5d7e38d2631a5a249edfbbb7c3b810cd
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_m68k.deb
Size/MD5 checksum: 611224 6233339888e254a469a38b277a35f2b7
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_m68k.deb
Size/MD5 checksum: 34920 790fd8ba665277d21d54c8a443950fbe
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mips.deb
Size/MD5 checksum: 34900 2600da5dc8ea7d339afe25f7c2a66c65
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mips.deb
Size/MD5 checksum: 728584 d12098d0b37c7ac0110cf730148b6dcb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mipsel.deb
Size/MD5 checksum: 34870 3cba136ff66798c32763a986480565db
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mipsel.deb
Size/MD5 checksum: 726062 b1a4e99482e493e88ec648b4046d543f
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_powerpc.deb
Size/MD5 checksum: 680140 4b5285ea717b81e6e6c41e2139b3d5d2
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_powerpc.deb
Size/MD5 checksum: 34630 697a13bc303bf3f6dec83a334a34b1ab
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_s390.deb
Size/MD5 checksum: 35248 ece9e2298f59df19af4212820e768556
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_s390.deb
Size/MD5 checksum: 669320 b87c69c0f4a273f80165774057d83ffe
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_sparc.deb
Size/MD5 checksum: 684810 54999fa878b73b1915b7f536ef4f1ab5
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_sparc.deb
Size/MD5 checksum: 34686 d50d3087a60ff6bf9676bfa41e12f0cd
- --
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQCVAwUBPRsJJw0hVr09l8FJAQEpkwP/f8TCf1QU3VM0o6kwiGREUN7UHbYiGU3s
Vsw5732UeQVv0X4wZcgV9remrclP26cdkIm6a9OxkljXCzx0OZWDyhtD0HbEjjvl
3CHj1zkjul2JLc1LlJFVKDN8JGuv96xNSaUYzeIRYjSPuweSGcsCiC7pdKSHwGDi
MF5kDePCmmQ=
=8M4/
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]