Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-086-1 ssh-nonfree -- remote root exploit

Related Vulnerabilities: CVE-2001-0361  

We have received reports that the "SSH CRC-32 compensation attack detector vulnerability" is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not. Though packages in the non-free section of the archive are not officially supported by the Debian project, we are taking the unusual step of releasing updated ssh-nonfree/ssh-socks packages for those users who have not yet migrated to OpenSSH. However, we do recommend that our users migrate to the regularly supported, DFSG-free "ssh" package as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package available in Debian 2.2r4. The fixed ssh-nonfree/ssh-socks packages are available in version 1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for use with the Debian unstable/testing distribution. Note that the new ssh-nonfree/ssh-socks packages remove the setuid bit from the ssh binary, disabling rhosts-rsa authentication. If you need this functionality, run chmod u+s /usr/bin/ssh1 after installing the new package.

Source

Debian Security Advisory

DSA-086-1 ssh-nonfree -- remote root exploit

Date Reported:
13 Nov 2001
Affected Packages:
ssh-nonfree, ssh-socks
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2001-0361.
More information:

We have received reports that the "SSH CRC-32 compensation attack detector vulnerability" is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not.

Though packages in the non-free section of the archive are not officially supported by the Debian project, we are taking the unusual step of releasing updated ssh-nonfree/ssh-socks packages for those users who have not yet migrated to OpenSSH. However, we do recommend that our users migrate to the regularly supported, DFSG-free "ssh" package as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package available in Debian 2.2r4.

The fixed ssh-nonfree/ssh-socks packages are available in version 1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for use with the Debian unstable/testing distribution. Note that the new ssh-nonfree/ssh-socks packages remove the setuid bit from the ssh binary, disabling rhosts-rsa authentication. If you need this functionality, run

chmod u+s /usr/bin/ssh4

after installing the new package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27-6.2.diff.gz
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27-6.2.dsc
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27.orig.tar.gz
Alpha:
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-askpass-nonfree_1.2.27-6.2_alpha.deb
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-nonfree_1.2.27-6.2_alpha.deb
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-socks_1.2.27-6.2_alpha.deb
ARM: Not yet available
Intel ia32:
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-askpass-nonfree_1.2.27-6.2_i386.deb
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-nonfree_1.2.27-6.2_i386.deb
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-socks_1.2.27-6.2_i386.deb
Motorola M680x0:
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-askpass-nonfree_1.2.27-6.2_m68k.deb
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-nonfree_1.2.27-6.2_m68k.deb
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-socks_1.2.27-6.2_m68k.deb
PowerPC:
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-askpass-nonfree_1.2.27-6.2_powerpc.deb
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-nonfree_1.2.27-6.2_powerpc.deb
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-socks_1.2.27-6.2_powerpc.deb
Sun Sparc:
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-askpass-nonfree_1.2.27-6.2_sparc.deb
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-nonfree_1.2.27-6.2_sparc.deb
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-socks_1.2.27-6.2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started