6069967 2001-02-08 19:19 -0500 /51 rader/ Niels Provos <provos@CITI.UMICH.EDU> Sänt av: joel@lysator.liu.se Importerad: 2001-02-09 02:44 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: provos@CITI.UMICH.EDU Mottagare: Bugtraq (import) <15318> Ärende: Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel ------------------------------------------------------------ snapshot) From: Niels Provos <provos@CITI.UMICH.EDU> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <20010209001953.7A804207C1@citi.umich.edu> Please, check http://www.openssh.com/security.html for a full summary of security related issues in OpenSSH. ---------------------------------------------------------------------------- OpenBSD Security Advisory February 8, 2001 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 ---------------------------------------------------------------------------- SYNOPSIS OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication. A fix for this problem was committed on Februrary 8th. The problem was introduced on January 18th. This is a three week time window. ---------------------------------------------------------------------------- AFFECTED SYSTEMS This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either. ---------------------------------------------------------------------------- RESOLUTION If you installed the OpenSSH 2.3.1 development snapshot, install the latest snapshot. Currently, the latest snapshot is OpenSSH 2.3.2 which is available via http://www.openssh.com/. ---------------------------------------------------------------------------- (6069967) --------------------------------(Ombruten)