Executive Summary

Summary
Title openssh security update
Informations
Name RHSA-2005:527 First vendor Publication 2005-10-05
Vendor RedHat Last vendor Modification 2005-10-05
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.

An error in the way OpenSSH handled GSSAPI credential delegation was discovered. OpenSSH as distributed with Red Hat Enterprise Linux 4 contains support for GSSAPI user authentication, typically used for supporting Kerberos. On OpenSSH installations which have GSSAPI enabled, this flaw could allow a user who sucessfully authenticates using a method other than GSSAPI to be delegated with GSSAPI credentials. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2798 to this issue.

Additionally, the following bugs have been addressed:

The ssh command incorrectly failed when it was issued by the root user with a non-default group set.

The sshd daemon could fail to properly close the client connection if multiple X clients were forwarded over the connection and the client session exited.

The sshd daemon could bind only on the IPv6 address family for X forwarding if the port on IPv4 address family was already bound. The X forwarding did not work in such cases.

This update also adds support for recording login user IDs for the auditing service. The user ID is attached to the audit records generated from the user's session.

All users of openssh should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

159331 - sshd update for new audit system 167444 - CAN-2005-2798 Improper GSSAPI credential delegation

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-527.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1345
 
Oval ID: oval:org.mitre.oval:def:1345
Title: Leaking GSSAPI Credentials Vulnerability (B.11.23)
Description: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2798
 Version: 1
Platform(s): HP-UX 11
 Product(s): SecureShell
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1566
 
Oval ID: oval:org.mitre.oval:def:1566
Title: Leaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)
Description: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2798
 Version: 1
Platform(s): HP-UX 11
 Product(s): SecureShell
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9717
 
Oval ID: oval:org.mitre.oval:def:9717
Title: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Description: sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Family: unix Class: vulnerability
Reference(s): CVE-2005-2798
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 32

OpenVAS Exploits

Date Description
2011-11-16 Name : OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
File : nvt/secpod_sshd_gssapi_credential_disclosure_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
19141 OpenSSH GSSAPIAuthentication Credential Escalation

OpenSSH contains a flaw that may allow a remote user to gain elevated privileges. The issue occurs when GSSAPIDelegateCredentials is enabled and may delegate GSSAPI credentials to arbitrary users that authenticate using non-GSSAPI methods.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-08-16 IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products
Severity : Category I - VMSKEY : V0033662

Nessus® Vulnerability Scanner

Date Description
2013-09-13 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-527.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The SSH service running on the remote host has an information disclosure vuln...
File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2006-06-16 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_34566.nasl - Type : ACT_GATHER_INFO
2006-06-16 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_34567.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-209-1.nasl - Type : ACT_GATHER_INFO
2005-10-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-527.nasl - Type : ACT_GATHER_INFO
2005-09-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-858.nasl - Type : ACT_GATHER_INFO
2005-09-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-860.nasl - Type : ACT_GATHER_INFO
2005-09-07 Name : The remote SSH server has multiple vulnerabilities.
File : openssh_42.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:49:28
  • Multiple Updates