Executive Summary

Summary
Title: SSH Tectia Client and Server ssh-signer local privilege escalation

Information
Name: VU#921339
First vendor Publication: 2008-01-08
Vendor: VU-CERT
Last vendor Modification: 2008-01-14
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Vulnerability Note VU#921339

SSH Tectia Client and Server ssh-signer local privilege escalation

Overview

The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.

I. Description

The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:

    AFFECTED PRODUCTS
    * SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)

    NOT AFFECTED PRODUCTS
    * 4.x or older SSH Tectia client/server solution versions are NOT affected.
    * Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
    * Any version of SSH Tectia client/server solution for Windows is NOT affected.

II. Impact

A local user may be able to obtain root access.

III. Solution

Apply an update

This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.

Remove ssh-signer

This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.

Systems Affected

Vendor: SSH Communications Security Corp
Status: Vulnerable
Date Updated: 8-Jan-2008

References


http://www.ssh.com/products/client-server/
http://xforce.iss.net/xforce/xfdb/39569
http://www.securitytracker.com/id?1019167
http://secunia.com/advisories/28247/
http://www.securityfocus.com/bid/27191

Credit

Thanks to Tuomas Siren for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public: 01/08/2008
Date First Published: 01/08/2008 09:57:36 AM
Date Last Updated: 01/14/2008
CERT Advisory:
CVE Name: CVE-2007-5616
Metric: 2.25
Document Revision: 5

Original Source

Url : http://www.kb.cert.org/vuls/id/921339

CPE : Common Platform Enumeration

Type          Description   Count
Application                 55
Application                 63

Open Source Vulnerability Database (OSVDB)

Id Description
42767 SSH Tectia Client/Server ssh-signer Unspecified Local Privilege Escalation