漏洞信息详情
OpenSSH 'Channel'代码实现off-by-one漏洞
- CNNVD编号:CNNVD-200203-034
- 危害等级: 高危
- CVE编号: CVE-2002-0083
- 漏洞类型: 数字错误
- 发布时间: 2002-03-15
- 威胁类型: 远程
- 更新时间: 2006-09-15
- 厂 商: redhat
- 漏洞来源: Joost Pol※ joost@p...
漏洞简介
OpenSSH是一个对SSH协议开放源码的,免费的实现。它对所有网络通讯进行加密传输,从而避开了许多网络层的攻击,是个很有用的网络连接工具。 OpenSSH实现上存在缓冲区溢出漏洞,一个有合法登录帐号的用户可以利用此漏洞得到主机的root权限。 为了实现X11、TCP和代理转发,OpenSSH在一个TCP连接上复用多个\"channel\"。OpenSSH在管理\"channel\"的代码实现上存在一个off-by-one(偏移一个单位)漏洞,程序可能会错误地使用正常范围之外的内存数据,一个有合法登录帐号的攻击者登录到系统以后可以利用此漏洞让sshd以root权限执行任意指令。一个恶意的ssh服务器也可能利用此漏洞在用户的客户机上执行任意指令。
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 此问题没有好的临时解决方法,您应该尽快升级软件。如果不能及时升级,您应该限制不可信用户对sshd的访问。
* 您也可以使用下列补丁:
--- channels_old.c Mon Mar 4 02:07:06 2002
+++ channels.c Mon Mar 4 02:07:16 2002
@@ -151,7 +151,7 @@
channel_lookup(int id)
{
Channel *c;
- if (id < 0="" ||="" id=""> channels_alloc) {
+ if (id < 0="" ||="" id="">= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
} 厂商补丁: Caldera ------- Caldera已经为此发布了一个安全公告(CSSA-2002-SCO.10)以及相应补丁:
CSSA-2002-SCO.10:OpenServer: OpenSSH channel code vulnerability
链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.10
补丁下载:
OpenServer:
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/openssh-3.1p1-VOLS.tar
从上述地址将补丁下载到/tmp目录下并展开:
# cd /tmp
# tar xvf openssh-3.1p1-VOLS.tar
运行custom命令,指定从媒介映像中安装,将/tmp目录作为映像所在位置。 Conectiva --------- Conectiva已经为此发布了一个安全公告(CLA-2002:467)以及相应补丁:
CLA-2002:467:openssh
链接: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
补丁下载:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/openssh-3.0.2p1-1U51_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-gnome-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-clients-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-server-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssh-3.0.2p1-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-clients-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-server-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.0.2p1-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
参考网址
来源: ENGARDE 名称: ESA-20020307-007 链接:http://www.linuxsecurity.com/advisories/other_advisory-1937.HTML 来源: BID 名称: 4241 链接:http://www.securityfocus.com/bid/4241 来源: REDHAT 名称: RHSA-2002:043 链接:http://www.redhat.com/support/errata/RHSA-2002-043.HTML 来源: OSVDB 名称: 730 链接:http://www.osvdb.org/730 来源: www.openbsd.org 链接:http://www.openbsd.org/advisories/ssh_channelalloc.txt 来源: SUSE 名称: SuSE-SA:2002:009 链接:http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.HTML 来源: MANDRAKE 名称: MDKSA-2002:019 链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php 来源: XF 名称: openssh-channel-error(8383) 链接:http://www.iss.net/security_center/static/8383.php 来源: DEBIAN 名称: DSA-119 链接:http://www.debian.org/security/2002/dsa-119 来源: CALDERA 名称: CSSA-2002-012.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt 来源: BUGTRAQ 名称: 20020328 OpenSSH channel_lookup() off by one exploit 链接:http://online.securityfocus.com/archive/1/264657 来源: HP 名称: HPSBTL0203-029 链接:http://online.securityfocus.com/advisories/3960 来源: BUGTRAQ 名称: 20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101586991827622&w=2 来源: BUGTRAQ 名称: 20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2 来源: BUGTRAQ 名称: 20020307 OpenSSH Security Advisory (adv.channelalloc) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2 来源: BUGTRAQ 名称: 20020307 [PINE-CERT-20020301] OpenSSH off-by-one 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2 来源: CONECTIVA 名称: CLA-2002:467 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467 来源: VULNWATCH 名称: 20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.HTML 来源: BUGTRAQ 名称: 20020311 TSLSA-2002-0039 - openssh 链接:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.HTML 来源: CALDERA 名称: CSSA-2002-SCO.11 链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt 来源: CALDERA 名称: CSSA-2002-SCO.10 链接:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt 来源: NETBSD 名称: NetBSD-SA2002-004 链接:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc 来源: FREEBSD 名称: FreeBSD-SA-02:13 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
受影响实体
- Redhat Linux:7.1
补丁
暂无
评论