OpenSSH ForceCommand Directive Bypass Vulnerability

admin 2022-07-19 11:44:07 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

OpenSSH ForceCommand Directive Bypass Vulnerability

  • CNNVD ID: CNNVD-200804-051
  • Severity: Medium
  • CVE ID: CVE-2008-1657
  • Vulnerability type: Permissions, privileges and access control
  • Published: 2008-03-31
  • Threat type: Remote
  • Updated: 2009-02-21
  • Vendor: openbsd
  • Reported by: Damien Miller djm@...

Vulnerability Summary

OpenSSH is an open-source implementation of the SSH protocol. It was originally written for the OpenBSD platform and has since been ported to many Unix/Linux-like operating systems.

OpenSSH does not correctly implement the ForceCommand directive. If a local attacker modifies the ~/.ssh/rc session file, arbitrary code can still be executed even while a ForceCommand directive is in effect.

Vulnerability Advisory

The vendor has released an upgrade patch to fix this security issue. Patch download links:

Ubuntu Ubuntu Linux 7.10 powerpc

Ubuntu openssh-client-udeb_4.6p1-5ubuntu0.6_powerpc.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_powerpc.udeb

Ubuntu openssh-client_4.6p1-5ubuntu0.6_powerpc.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_powerpc.deb

Ubuntu openssh-server-udeb_4.6p1-5ubuntu0.6_powerpc.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_powerpc.udeb

Ubuntu openssh-server_4.6p1-5ubuntu0.6_powerpc.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_powerpc.deb

Ubuntu ssh-askpass-gnome_4.6p1-5ubuntu0.6_powerpc.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_powerpc.deb

Ubuntu ssh-krb5_4.6p1-5ubuntu0.6_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.6p1-5ubuntu0.6_all.deb

Ubuntu ssh_4.6p1-5ubuntu0.6_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.6p1-5ubuntu0.6_all.deb

OpenBSD Portable OpenSSH 4.4p1

OpenBSD openssh-4.9p1.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz

OpenBSD Portable OpenSSH 4.7p1

OpenBSD openssh-4.9p1.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz

Ubuntu Ubuntu Linux 7.04 i386

Ubuntu openssh-client-udeb_4.3p2-8ubuntu1.5_i386.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.5_i386.udeb

Ubuntu openssh-client_4.3p2-8ubuntu1.5_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.5_i386.deb

Ubuntu openssh-server-udeb_4.3p2-8ubuntu1.5_i386.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.5_i386.udeb

Ubuntu openssh-server_4.3p2-8ubuntu1.5_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.5_i386.deb

Ubuntu ssh-askpass-gnome_4.3p2-8ubuntu1.5_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.5_i386.deb

Ubuntu ssh-krb5_4.3p2-8ubuntu1.5_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.5_all.deb

Ubuntu ssh_4.3p2-8ubuntu1.5_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.5_all.deb

OpenBSD Portable OpenSSH 4.0p1

OpenBSD openssh-4.9p1.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz

OpenBSD Portable OpenSSH 4.5p1

OpenBSD openssh-4.9p1.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz

Ubuntu Ubuntu Linux 7.04 amd64

Ubuntu openssh-client-udeb_4.3p2-8ubuntu1.5_amd64.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.5_amd64.udeb

Ubuntu openssh-client_4.3p2-8ubuntu1.5_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.5_amd64.deb

Ubuntu openssh-server-udeb_4.3p2-8ubuntu1.5_amd64.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.5_amd64.udeb

Ubuntu openssh-server_4.3p2-8ubuntu1.5_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.5_amd64.deb

Ubuntu ssh-askpass-gnome_4.3p2-8ubuntu1.5_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.5_amd64.deb

Ubuntu ssh-krb5_4.3p2-8ubuntu1.5_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.5_all.deb

Ubuntu ssh_4.3p2-8ubuntu1.5_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.5_all.deb

OpenBSD Portable OpenSSH 4.6p1

OpenBSD openssh-4.9p1.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz

Ubuntu Ubuntu Linux 6.06 LTS i386

Ubuntu openssh-client-udeb_4.2p1-7ubuntu3.5_i386.udeb

http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubunt

References

Source: BID

Name: 28531

Link: http://www.securityfocus.com/bid/28531

Source: OPENBSD

Name: [4.3] 001: SECURITY FIX: March 30, 2008

Link: http://www.openbsd.org/errata43.HTML#001_openssh

Source: VUPEN

Name: ADV-2008-1035

Link: http://www.frsirt.com/english/advisories/2008/1035/references

Source: issues.rpath.com

Link: https://issues.rpath.com/browse/RPL-2419

Source: XF

Name: openssh-forcecommand-command-execution(41549)

Link: http://xforce.iss.net/xforce/xfdb/41549

Source: UBUNTU

Name: USN-649-1

Link: http://www.ubuntu.com/usn/usn-649-1

Source: SECTRACK

Name: 1019733

Link: http://www.securitytracker.com/id?1019733

Source: BUGTRAQ

Name: 20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server

Link: http://www.securityfocus.com/archive/1/archive/1/490488/100/0/threaded

Source: CONFIRM

Name: http://www.openssh.com/txt/release-4.9

Link: http://www.openssh.com/txt/release-4.9

Source: MANDRIVA

Name: MDVSA-2008:098

Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:098

Source: GENTOO

Name: GLSA-200804-03

Link: http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml

Source: VUPEN

Name: ADV-2008-2584

Link: http://www.frsirt.com/english/advisories/2008/2584

Source: VUPEN

Name: ADV-2008-2396

Link: http://www.frsirt.com/english/advisories/2008/2396

Source: VUPEN

Name: ADV-2008-1624

Link: http://www.frsirt.com/english/advisories/2008/1624/references

Source: CONFIRM

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139

Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139

Source: CONFIRM

Name: http://support.attachmate.com/techdocs/2374.HTML

Link: http://support.attachmate.com/techdocs/2374.HTML

Source: SECUNIA

Name: 32110

Link: http://secunia.com/advisories/32110

Source: SECUNIA

Name: 32080

Link: http://secunia.com/advisories/32080

Source: SECUNIA

Name: 31882

Link: http://secunia.com/advisories/31882

Source: SECUNIA

Name: 31531

Link: http://secunia.com/advisories/31531

Source: SECUNIA

Name: 30361

Link: http://secunia.com/advisories/30361

Source: SECUNIA

Name: 29939

Link: http://secunia.com/advisories/29939

Source: SECUNIA

Name: 29735

Link: http://secunia.com/advisories/29735

Source: SECUNIA

Name: 29693

Link: http://secunia.com/advisories/29693

Source: SECUNIA

Name: 29683

Link: http://secunia.com/advisories/29683

Source: SECUNIA

Name: 29609

Link: http://secunia.com/advisories/29609

Source: SECUNIA

Name: 29602

Link: http://secunia.com/advisories/29602

Source: SUSE

Name: SUSE-SR:2008:009

Link: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.HTML

Source: APPLE

Name: APPLE-SA-2008-09-15

Link: http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.HTML

Source: aix.software.ibm.com

Link: http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

Source: NETBSD

Name: NetBSD-SA2008-005

Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc

Affected Entities

  • Openbsd Openssh:4.4
  • Openbsd Openssh:4.4p1
  • Openbsd Openssh:4.5
  • Openbsd Openssh:4.6
  • Openbsd Openssh:4.7

Patch

    None available
