Vulnerability Details
OpenSSH ForceCommand directive bypass vulnerability
- CNNVD ID: CNNVD-200804-051
- Severity: Medium
- CVE ID: CVE-2008-1657
- Vulnerability type: Permissions, privileges and access control
- Published: 2008-03-31
- Threat type: Remote
- Updated: 2009-02-21
- Vendor: openbsd
- Source: Damien Miller djm@...
Description
OpenSSH is an open-source implementation of the SSH protocol, originally written for the OpenBSD platform and since ported to many Unix/Linux-like operating systems.
OpenSSH does not implement the ForceCommand directive correctly: if a local attacker modifies the ~/.ssh/rc session file, the attacker can still execute arbitrary code even while the ForceCommand directive is in effect.
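As an added defender-side check (not part of the CNNVD record or of OpenSSH itself), the POSIX shell audit below flags accounts whose ~/.ssh/rc exists while sshd_config forces a command, the combination the description above concerns on servers older than the 4.9p1 fix. The sshd_config text, the home directory tree and the user names are constructed sample data.

```shell
#!/bin/sh
# Added audit helper (not from the CNNVD record): list accounts whose
# ~/.ssh/rc would run on a pre-4.9 sshd even though sshd_config forces a
# command. Config text, home directories and user names are constructed.

# has_forcecommand CONFIG: succeeds if an uncommented ForceCommand line exists
has_forcecommand() {
    grep -Eiq '^[[:space:]]*ForceCommand[[:space:]]+' "$1"
}

# rc_users HOMEROOT: print the name of every home directory holding .ssh/rc
rc_users() {
    for d in "$1"/*/; do
        [ -f "$d.ssh/rc" ] && basename "$d"
    done
    return 0
}

# audit_user_rc CONFIG HOMEROOT: report each exposed account; returns 1 if any
audit_user_rc() {
    has_forcecommand "$1" || return 0
    found=0
    for u in $(rc_users "$2"); do
        echo "$u: ForceCommand set in $1 but $2/$u/.ssh/rc exists"
        found=1
    done
    return "$found"
}

# Constructed sample tree: alice has an rc file, bob does not.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/.ssh" "$demo/home/bob/.ssh"
printf 'echo hello\n' > "$demo/home/alice/.ssh/rc"
cat > "$demo/sshd_config" <<'EOF'
# constructed config: members of sftponly only ever get internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
EOF
audit_user_rc "$demo/sshd_config" "$demo/home" || echo "review the accounts above"
```

On a real host, point the two arguments at /etc/ssh/sshd_config and the parent of the restricted users' home directories; an empty report means no rc file sits under a forced-command account.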
Advisory
The vendor has released patches to fix this issue; download links:
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu openssh-client-udeb_4.6p1-5ubuntu0.6_powerpc.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.6_powerpc.udeb
Ubuntu openssh-client_4.6p1-5ubuntu0.6_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.6_powerpc.deb
Ubuntu openssh-server-udeb_4.6p1-5ubuntu0.6_powerpc.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.6_powerpc.udeb
Ubuntu openssh-server_4.6p1-5ubuntu0.6_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.6_powerpc.deb
Ubuntu ssh-askpass-gnome_4.6p1-5ubuntu0.6_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.6_powerpc.deb
Ubuntu ssh-krb5_4.6p1-5ubuntu0.6_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.6p1-5ubuntu0.6_all.deb
Ubuntu ssh_4.6p1-5ubuntu0.6_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.6p1-5ubuntu0.6_all.deb
OpenBSD Portable OpenSSH 4.4p1
OpenBSD openssh-4.9p1.tar.gz
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz
OpenBSD Portable OpenSSH 4.7p1
OpenBSD openssh-4.9p1.tar.gz
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu openssh-client-udeb_4.3p2-8ubuntu1.5_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.5_i386.udeb
Ubuntu openssh-client_4.3p2-8ubuntu1.5_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.5_i386.deb
Ubuntu openssh-server-udeb_4.3p2-8ubuntu1.5_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.5_i386.udeb
Ubuntu openssh-server_4.3p2-8ubuntu1.5_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.5_i386.deb
Ubuntu ssh-askpass-gnome_4.3p2-8ubuntu1.5_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.5_i386.deb
Ubuntu ssh-krb5_4.3p2-8ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.5_all.deb
Ubuntu ssh_4.3p2-8ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.5_all.deb
OpenBSD Portable OpenSSH 4.0p1
OpenBSD openssh-4.9p1.tar.gz
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz
OpenBSD Portable OpenSSH 4.5p1
OpenBSD openssh-4.9p1.tar.gz
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu openssh-client-udeb_4.3p2-8ubuntu1.5_amd64.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.5_amd64.udeb
Ubuntu openssh-client_4.3p2-8ubuntu1.5_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.5_amd64.deb
Ubuntu openssh-server-udeb_4.3p2-8ubuntu1.5_amd64.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.5_amd64.udeb
Ubuntu openssh-server_4.3p2-8ubuntu1.5_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.5_amd64.deb
Ubuntu ssh-askpass-gnome_4.3p2-8ubuntu1.5_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.5_amd64.deb
Ubuntu ssh-krb5_4.3p2-8ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.5_all.deb
Ubuntu ssh_4.3p2-8ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.5_all.deb
OpenBSD Portable OpenSSH 4.6p1
OpenBSD openssh-4.9p1.tar.gz
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-4.9p1.tar.gz
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu openssh-client-udeb_4.2p1-7ubuntu3.5_i386.udeb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubunt
References
Source: BID
Name: 28531
Link: http://www.securityfocus.com/bid/28531
Source: OPENBSD
Name: [4.3] 001: SECURITY FIX: March 30, 2008
Link: http://www.openbsd.org/errata43.HTML#001_openssh
Source: VUPEN
Name: ADV-2008-1035
Link: http://www.frsirt.com/english/advisories/2008/1035/references
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-2419
Source: XF
Name: openssh-forcecommand-command-execution(41549)
Link: http://xforce.iss.net/xforce/xfdb/41549
Source: UBUNTU
Name: USN-649-1
Link: http://www.ubuntu.com/usn/usn-649-1
Source: SECTRACK
Name: 1019733
Link: http://www.securitytracker.com/id?1019733
Source: BUGTRAQ
Name: 20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server
Link: http://www.securityfocus.com/archive/1/archive/1/490488/100/0/threaded
Source: CONFIRM
Name: http://www.openssh.com/txt/release-4.9
Link: http://www.openssh.com/txt/release-4.9
Source: MANDRIVA
Name: MDVSA-2008:098
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:098
Source: GENTOO
Name: GLSA-200804-03
Link: http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml
Source: VUPEN
Name: ADV-2008-2584
Link: http://www.frsirt.com/english/advisories/2008/2584
Source: VUPEN
Name: ADV-2008-2396
Link: http://www.frsirt.com/english/advisories/2008/2396
Source: VUPEN
Name: ADV-2008-1624
Link: http://www.frsirt.com/english/advisories/2008/1624/references
Source: CONFIRM
Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139
Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0139
Source: CONFIRM
Name: http://support.attachmate.com/techdocs/2374.HTML
Link: http://support.attachmate.com/techdocs/2374.HTML
Source: SECUNIA
Name: 32110
Link: http://secunia.com/advisories/32110
Source: SECUNIA
Name: 32080
Link: http://secunia.com/advisories/32080
Source: SECUNIA
Name: 31882
Link: http://secunia.com/advisories/31882
Source: SECUNIA
Name: 31531
Link: http://secunia.com/advisories/31531
Source: SECUNIA
Name: 30361
Link: http://secunia.com/advisories/30361
Source: SECUNIA
Name: 29939
Link: http://secunia.com/advisories/29939
Source: SECUNIA
Name: 29735
Link: http://secunia.com/advisories/29735
Source: SECUNIA
Name: 29693
Link: http://secunia.com/advisories/29693
Source: SECUNIA
Name: 29683
Link: http://secunia.com/advisories/29683
Source: SECUNIA
Name: 29609
Link: http://secunia.com/advisories/29609
Source: SECUNIA
Name: 29602
Link: http://secunia.com/advisories/29602
Source: SUSE
Name: SUSE-SR:2008:009
Link: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.HTML
Source: APPLE
Name: APPLE-SA-2008-09-15
Link: http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.HTML
Source: aix.software.ibm.com
Link: http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
Source: NETBSD
Name: NetBSD-SA2008-005
Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc
Affected products
- Openbsd Openssh:4.4
- Openbsd Openssh:4.4p1
- Openbsd Openssh:4.5
- Openbsd Openssh:4.6
- Openbsd Openssh:4.7
Patch
None available