Mandriva Advisories

Package name: openssh
Date: March 7th, 2002
Advisory ID: MDKSA-2002:019
Affected versions: 7.1, 7.2, 8.0, 8.1, CS1.0
Synopsis: Updated openssh packages fix local root vulnerability

Problem Description

Joost Pol found a bug in the channel code of all versions of OpenSSH
from 2.0 to 3.0.2. This bug can be exploited by authenticated users
with an existing account on the vulnerable system to obtain root
privilege, or by a malicious server attacking a vulnerable client.
OpenSSH 3.1 is not vulnerable to this problem. The provided packages
fix this vulnerability.

Updated Packages

Mandrakelinux 7.1


Mandrakelinux 7.2


Mandrakelinux 8.0


Mandrakelinux 8.0/PPC


Mandrakelinux 8.1


Mandrakelinux 8.1/IA64


Corporate Server 1.0.1


References

http://www.pine.nl/advisories/pine-cert-20020301.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.
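
The manual equivalent of that automatic check, as a shell script. This is an added example, not code from the advisory; the function names and the manifest file (one `md5  path` line per package) are assumptions.

```shell
#!/bin/sh
# Added example. Manifest format (assumed): "<md5>  <release/RPMS/file.rpm>" per line.

# check_md5 MANIFEST LISTED_PATH FILE
# Returns 0 if FILE's MD5 equals the one listed for LISTED_PATH,
# 1 on mismatch, 2 if LISTED_PATH is not in the manifest.
check_md5() {
    # Match the full listed path, not the basename: the same file name can be
    # listed under several release directories with different checksums.
    expected=$(awk -v p="$2" '$2 == p { print $1; exit }' "$1")
    [ -n "$expected" ] || return 2
    actual=$(md5sum "$3" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# verify_package MANIFEST LISTED_PATH FILE
# Checksum first, then the signature check the advisory prescribes.
verify_package() {
    rc=0
    check_md5 "$1" "$2" "$3" || rc=$?
    case $rc in
        0) ;;
        1) echo "MISMATCH $2"; return 1 ;;
        *) echo "UNLISTED $2"; return 2 ;;
    esac
    # A matching MD5 only shows the download equals the listed file; the
    # signature check ties the package to a public key that rpm knows.
    if ! rpm --checksig "$3"; then
        echo "BADSIG $2"
        return 3
    fi
    echo "OK $2"
}

# Constructed demo: a throwaway file and a manifest built from its own checksum.
demo=$(mktemp -d)
printf 'constructed package bytes\n' > "$demo/pkg.rpm"
printf '%s  8.0/RPMS/pkg.rpm\n' "$(md5sum "$demo/pkg.rpm" | awk '{ print $1 }')" > "$demo/manifest"
check_md5 "$demo/manifest" 8.0/RPMS/pkg.rpm "$demo/pkg.rpm" && echo "checksum matches"
rm -rf "$demo"
```

`verify_package` needs a real RPM and the signing key already known to rpm; the demo at the end exercises only the checksum step.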