OpenSSH privilege separation monitor authentication verification weakness

openssh-separation-verificaton-weakness (30120)

Low Risk

Description:

The OpenSSH sshd privilege separation monitor could allow a remote attacker to bypass security restrictions, caused by an unspecified error that results in a weak authentication verification process.

Note: This security weakness requires the use of other vulnerabilities to be exploited to bypass security.

Platforms Affected:

• copssh, copssh before 1.4.1
• MandrakeSoft, Mandrake Linux 2006 X86_64
• MandrakeSoft, Mandrake Linux 2006
• MandrakeSoft, Mandrake Linux 2007 X86_64
• MandrakeSoft, Mandrake Linux 2007
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 4.0
• MandrakeSoft, Mandrake Multi Network Firewall 2.0
• OpenBSD, OpenSSH 1.2
• OpenBSD, OpenSSH 1.2.1
• OpenBSD, OpenSSH 1.2.2
• OpenBSD, OpenSSH 1.2.27
• OpenBSD, OpenSSH 1.2.3
• OpenBSD, OpenSSH 2.1
• OpenBSD, OpenSSH 2.1.1
• OpenBSD, OpenSSH 2.1.1p4
• OpenBSD, OpenSSH 2.2
• OpenBSD, OpenSSH 2.2.0p1
• OpenBSD, OpenSSH 2.3
• OpenBSD, OpenSSH 2.3.0p1
• OpenBSD, OpenSSH 2.5
• OpenBSD, OpenSSH 2.5.1
• OpenBSD, OpenSSH 2.5.1p1
• OpenBSD, OpenSSH 2.5.1p2
• OpenBSD, OpenSSH 2.5.2
• OpenBSD, OpenSSH 2.5.2p1
• OpenBSD, OpenSSH 2.5.2p2
• OpenBSD, OpenSSH 2.9
• OpenBSD, OpenSSH 2.9.9
• OpenBSD, OpenSSH 2.9.9p1
• OpenBSD, OpenSSH 2.9.9p2
• OpenBSD, OpenSSH 2.9p1
• OpenBSD, OpenSSH 2.9p2
• OpenBSD, OpenSSH 3.0
• OpenBSD, OpenSSH 3.0.1
• OpenBSD, OpenSSH 3.0.1p1
• OpenBSD, OpenSSH 3.0.2
• OpenBSD, OpenSSH 3.0.2p1
• OpenBSD, OpenSSH 3.0p1
• OpenBSD, OpenSSH 3.1
• OpenBSD, OpenSSH 3.1p1
• OpenBSD, OpenSSH 3.2
• OpenBSD, OpenSSH 3.2.2
• OpenBSD, OpenSSH 3.2.2p1
• OpenBSD, OpenSSH 3.2.3
• OpenBSD, OpenSSH 3.2.3p1
• OpenBSD, OpenSSH 3.3
• OpenBSD, OpenSSH 3.3p1
• OpenBSD, OpenSSH 3.4
• OpenBSD, OpenSSH 3.4p1
• OpenBSD, OpenSSH 3.5
• OpenBSD, OpenSSH 3.5p1
• OpenBSD, OpenSSH 3.6
• OpenBSD, OpenSSH 3.6.1
• OpenBSD, OpenSSH 3.6.1p1
• OpenBSD, OpenSSH 3.6.1p2
• OpenBSD, OpenSSH 3.7
• OpenBSD, OpenSSH 3.7.1
• OpenBSD, OpenSSH 3.7.1p1
• OpenBSD, OpenSSH 3.7.1p2
• OpenBSD, OpenSSH 3.8
• OpenBSD, OpenSSH 3.8.1
• OpenBSD, OpenSSH 3.8.1p1
• OpenBSD, OpenSSH 3.9
• OpenBSD, OpenSSH 3.9.1
• OpenBSD, OpenSSH 3.9.1p1
• OpenBSD, OpenSSH 4.0
• OpenBSD, OpenSSH 4.0p1
• OpenBSD, OpenSSH 4.1
• OpenBSD, OpenSSH 4.1p1
• OpenBSD, OpenSSH 4.2
• OpenBSD, OpenSSH 4.2p1
• OpenBSD, OpenSSH 4.3
• OpenBSD, OpenSSH 4.3p1
• OpenBSD, OpenSSH 4.3p2
• OpenBSD, OpenSSH 4.4
• OpenBSD, OpenSSH 4.4p1
• OpenPKG, OpenPKG CURRENT
• OpenPKG, OpenPKG Enterprise E1.0-SOLID
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 ES
• Turbolinux, Turbolinux 10 Desktop
• Turbolinux, Turbolinux 10 F...
• Turbolinux, Turbolinux 10 Server
• Turbolinux, Turbolinux 10 Server x64 Ed
• Turbolinux, Turbolinux 8 Server
• Turbolinux, Turbolinux FUJI
• Turbolinux, Turbolinux Home
• Turbolinux, Turbolinux Multimedia
• Turbolinux, Turbolinux Personal
• Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
• Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
• Turbolinux, Turbolinux Appliance Server 2.0

Remedy:

For OpenSSH:
Upgrade to the latest version of OpenSSH (version 4.5 or later), available from the OpenSSH Web site. See References.

For copssh:
Upgrade to the latest version of copssh (version 1.4.1 or later), available from the SourceForge.net Web site. See References.

For Red Hat Linux:
Refer to RHSA-2006:0738-4 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Bypass Security

References:

• IBM Systems Support Web site, Support for HMC at https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.html#MH01110.
• OpenSSH Web site, OpenSSH 4.5/4.5p1 at http://www.openssh.org/txt/release-4.5.
• OpenSSH Web site, OpenSSH at http://openssh.com/.
• SourceForge.net, copssh - Secure and Remote Software Distribution at http://sourceforge.net/project/showfiles.php?group_id=69227.
• SourceForge.net: Files, Secure and Remote Software Distribution - File Release Notes and Changelog - Release Name: 1.4.1 at http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227.
• ASA-2007-048: openssh security update (RHSA-2006-0738)
• BID-20956: OpenSSH Privilege Separation Key Signature Weakness
• CVE-2006-5794: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
• MDKSA-2006:204: Updated openssh packages fix vulnerability
• OpenPKG-SA-2006.032: OpenSSH
• RHSA-2006-0738: Low: openssh security update
• SA22771: OpenSSH Privilege Separation Monitor Weakness
• SA22772: cwRsync OpenSSL Vulnerabilities and OpenSSH Weakness
• SA22773: copssh Privilege Separation Monitor Weakness
• SA23680: VMWare ESX Server Multiple Vulnerabilities
• SA24055: Avaya Products OpenSSH Privilege Separation Monitor Weakness
• SECTRACK ID: 1017183: OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
• SUSE-SR:2006:026: SUSE Security Summary Report

Reported:

Nov 07, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page