aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-02:13.openssh.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-02:13.openssh.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-02:13.openssh.asc213
1 files changed, 0 insertions, 213 deletions
diff --git a/share/security/advisories/FreeBSD-SA-02:13.openssh.asc b/share/security/advisories/FreeBSD-SA-02:13.openssh.asc
deleted file mode 100644
index f0d44b375d..0000000000
--- a/share/security/advisories/FreeBSD-SA-02:13.openssh.asc
+++ /dev/null
@@ -1,213 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-
-=============================================================================
-FreeBSD-SA-02:13 Security Advisory
- FreeBSD, Inc.
-
-Topic: OpenSSH contains exploitable off-by-one bug
-
-Category: core, ports
-Module: openssh, ports_openssh, openssh-portable
-Announced: 2002-03-07
-Credits: Joost Pol <joost@pine.nl>
-Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE
- FreeBSD 4.5-STABLE prior to the correction date
- openssh port prior to openssh-3.0.2_1
- openssh-portable port prior to openssh-portable-3.0.2p1_1
-Corrected: 2002-03-06 13:57:54 UTC (RELENG_4)
- 2002-03-07 14:40:56 UTC (RELENG_4_5)
- 2002-03-07 14:40:07 UTC (RELENG_4_4)
- 2002-03-06 13:53:38 UTC (ports/security/openssh)
- 2002-03-06 13:53:39 UTC (ports/security/openssh-portable)
-CVE: CAN-2002-0083
-FreeBSD only: NO
-
-I. Background
-
-OpenSSH is a free version of the SSH protocol suite of network
-connectivity tools. OpenSSH encrypts all traffic (including
-passwords) to effectively eliminate eavesdropping, connection
-hijacking, and other network-level attacks. Additionally, OpenSSH
-provides a myriad of secure tunneling capabilities, as well as a
-variety of authentication methods. `ssh' is the client application,
-while `sshd' is the server.
-
-II. Problem Description
-
-OpenSSH multiplexes `channels' over a single TCP connection in order
-to implement X11, TCP, and agent forwarding. An off-by-one error in
-the code which manages channels can result in a reference to memory
-beyond that allocated for channels. A malicious client or server may
-be able to influence the contents of the memory so referenced.
-
-III. Impact
-
-An authorized remote user (i.e. a user that can successfully
-authenticate on the target system) may be able to cause sshd to
-execute arbitrary code with superuser privileges.
-
-A malicious server may be able to cause a connecting ssh client to
-execute arbitrary code with the privileges of the client user.
-
-IV. Workaround
-
-Do one of the following:
-
-1) The FreeBSD malloc implementation can be configured to overwrite
- or `junk' memory that is returned to the malloc arena. Due to the
- details of exploiting this bug, configuring malloc to junk memory
- will thwart the attack.
-
- To configure a FreeBSD system to junk memory, execute the following
- commands as root:
-
- # ln -fs J /etc/malloc.conf
-
- Note that this option will degrade system performance. See the
- malloc(3) man page for full details on malloc options.
-
-2) Disable the base system sshd by executing the following command as
- root:
-
- # kill `cat /var/run/sshd.pid`
-
- Be sure that sshd is not restarted when the system is restarted
- by adding the following line to the end of /etc/rc.conf:
-
- sshd_enable="NO"
-
- AND
-
- Deinstall the openssh or openssh-portable ports if you have one of
- them installed.
-
-V. Solution
-
-Do one of the following:
-
-[For OpenSSH included in the base system]
-
-1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2,
- or 4.5-STABLE after the correction date and rebuild.
-
-2) FreeBSD 4.x systems prior to the correction date:
-
-The following patch has been verified to apply to FreeBSD 4.4-RELEASE,
-4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It
-may or may not apply to older, unsupported versions of FreeBSD.
-
-Download the patch and the detached PGP signature from the following
-locations, and verify the signature using your PGP utility.
-
-# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
-# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc
-
-Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/sshd.patch
-# cd /usr/src/secure/lib/libssh
-# make depend && make all
-# cd /usr/src/secure/usr.sbin/sshd
-# make depend && make all install
-# cd /usr/src/secure/usr.bin/ssh
-# make depend && make all install
-
-[For the OpenSSH ports]
-
-One of the following:
-
-1) Upgrade your entire ports collection and rebuild the OpenSSH port.
-
-2) Deinstall the old package and install a new package obtained from
-the following directory:
-
-[i386]
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
-
-[other platforms]
-Packages are not automatically generated for other platforms at this
-time due to lack of build resources.
-
-3) Download a new port skeleton for the openssh or openssh-portable
-port from:
-
-http://www.freebsd.org/ports/
-
-and use it to rebuild the port.
-
-4) Use the portcheckout utility to automate option (3) above. The
-portcheckout port is available in /usr/ports/devel/portcheckout or the
-package can be obtained from:
-
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
-
-VI. Correction details
-
-The following list contains the revision numbers of each file that was
-corrected in the FreeBSD ports collection.
-
-Path Revision
- Branch
-- -------------------------------------------------------------------------
-[Base system]
-src/crypto/openssh/channels.c
- HEAD 1.8
- RELENG_4 1.1.1.1.2.6
- RELENG_4_5 1.1.1.1.2.5.2.1
- RELENG_4_4 1.1.1.1.2.4.4.1
-src/crypto/openssh/version.h
- HEAD 1.10
- RELENG_4 1.1.1.1.2.8
- RELENG_4_5 1.1.1.1.2.7.2.1
- RELENG_4_4 1.1.1.1.2.5.2.2
-src/sys/conf/newvers.sh
- RELENG_4_5 1.44.2.20.2.3
- RELENG_4_4 1.44.2.17.2.8
-
-[Ports]
-ports/security/openssh/Makefile 1.81
-ports/security/openssh/files/patch-channels.c 1.1
-ports/security/openssh-portable/Makefile 1.21
-ports/security/openssh-portable/files/patch-channels.c 1.1
-- -------------------------------------------------------------------------
-
-Branch Version string
-- -------------------------------------------------------------------------
-HEAD OpenSSH_2.9 FreeBSD localisations 20020307
-RELENG_4 OpenSSH_2.9 FreeBSD localisations 20020307
-RELENG_4_5 OpenSSH_2.9 FreeBSD localisations 20020307
-RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20020307
-- -------------------------------------------------------------------------
-
-To view the version string of the OpenSSH server, execute the
-following command:
-
- % /usr/sbin/sshd -\?
-
-The version string is also displayed when a client connects to the
-server.
-
-To view the version string of the OpenSSH client, execute the
-following command:
-
- % /usr/bin/ssh -V
-
-VII. References
-
-<URL:http://www.pine.nl/advisories/pine-cert-20020301.txt>
-
-The Common Vulnerabilities and Exposures project (cve.mitre.org) has
-assigned the name CAN-2002-0083 to this issue.
- <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083>
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.0.6 (FreeBSD)
-Comment: For info see http://www.gnupg.org
-
-iQCVAwUBPId+x1UuHi5z0oilAQGvpAP+NDgcpdZAo8aB2ptAbbS7h3MzJULCnPlN
-BqnQ+AylR8HTcPt7XduF6Sh8KSpu75Y5uCJcrNvAoF2jmnH3DFa79GY4hEj7VvCl
-DiAzN3bwcTFBAPWSNaCXK6odyqCjumMOL3drgtibuMHZuQSKn5ZOvNKquVSXuaY+
-86MXQwGukUU=
-=csOr
------END PGP SIGNATURE-----
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 08:27:43 +0000