Date: Tue, 6 Sep 2005 15:25:26 +0200
From: OpenPKG <openpkg@openpkg.org.>
To: [email protected]Subject: [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh)
Message-ID: <OpenPKG-SA-2005.019@openpkg.org.>
Reply-To: [email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Organization: The OpenPKG Project, http://www.openpkg.org/
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org[email protected][email protected]
OpenPKG-SA-2005.019 06-Sep-2005
________________________________________________________________________
Package: openssh
Vulnerability: privilege escalation
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT <= openssh-4.1p1-20050812 >= openssh-4.2p1-20050901
OpenPKG 2.4 <= openssh-4.1p1-2.4.0 >= openssh-4.1p1-2.4.1
OpenPKG 2.3 none N.A.
Dependent Packages: none
Description:
A security bug introduced in OpenSSH [1] version 4.0 caused gateway
ports (SSH client command line option "-o 'GatewayPorts yes'") to
be accidentally activated for dynamic port forwardings (SSH client
command line option "-D [address:]port") when the listen address
was not explicitly specified. As a result, the SSH client performed
a wildcard bind for the listening socket on the SSH client machine
instead of a bind to just "localhost". This way the dynamic port
forwardings can be accessed also from outside the SSH client machine.
Please check whether you are affected by running "<prefix>/bin/rpm -q
openssh". If you have the "openssh" package installed and its version
is affected (see above), we recommend that you immediately upgrade it
(see Solution). [2][3]
Solution:
Select the updated source RPM appropriate for your OpenPKG release
[4], fetch it from the OpenPKG FTP service [5] or a mirror location,
verify its integrity [6], build a corresponding binary RPM from it
[2] and update your OpenPKG installation by applying the binary RPM
[3]. For the most recent release OpenPKG 2.4, perform the following
operations to permanently fix the security problem (for other releases
adjust accordingly).
$ ftp ftp.openpkg.org
ftp> bin
ftp> cd current/SRC
ftp> get openssh-4.1p1-2.4.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm --rebuild openssh-4.1p1-2.4.1.src.rpm
$ su -
# <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssh-4.1p1-2.4.1.*.rpm
________________________________________________________________________
References:
[1] http://www.openssh.com/
[2] http://www.openpkg.org/tutorial.html#regular-source
[3] http://www.openpkg.org/tutorial.html#regular-binary
[4] ftp://ftp.openpkg.org/release/2.4/UPD/openssh-4.1p1-2.4.1.src.rpm
[5] ftp://ftp.openpkg.org/release/2.4/UPD/
[6] http://www.openpkg.org/security.html#signature
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org.>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org.>
iD8DBQFDHZi1gHWT4GPEy58RAnrTAJ0dKA35YVj6Tltklch+O0bkXgxQkACg6R4Y
IzIjDHb0pjTYiVqySMyBV2w=
=/6Zk
-----END PGP SIGNATURE-----
