Vulnerability Bulletins

int(3431)

Vulnerability Bulletins

Aumento de privilegios en OpenSSH
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	OpenSSH < 4.7
Description
Se ha encontrado una vulnerabilidad en OpenSSH en las versiones anteriores a la 4.7 en ssh. La vulnerabilidad reside al reaccionar de forma incorrecta cuando una cookie, que no es de confianza, no se puede crear y en su lugar sea utilizada una cookie X11 de confianza. Un atacante remoto podría aumentar sus privilegios mediante causar que un cliente X sea tratado como de confianza.
Solution
Actualización de software OpenSSH OpenSSH version 4.7 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ Mandriva (MDKSA-2007:236) Corporate Server 3.0 X86 corporate/3.0/i586/openssh-4.3p1-0.4.C30mdk.i586.rpm corporate/3.0/i586/openssh-askpass-4.3p1-0.4.C30mdk.i586.rpm corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.4.C30mdk.i586.rpm corporate/3.0/i586/openssh-clients-4.3p1-0.4.C30mdk.i586.rpm corporate/3.0/i586/openssh-server-4.3p1-0.4.C30mdk.i586.rpm corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm X86_64 corporate/3.0/x86_64/openssh-4.3p1-0.4.C30mdk.x86_64.rpm corporate/3.0/x86_64/openssh-askpass-4.3p1-0.4.C30mdk.x86_64.rpm corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.C30mdk.x86_64.rpm corporate/3.0/x86_64/openssh-clients-4.3p1-0.4.C30mdk.x86_64.rpm corporate/3.0/x86_64/openssh-server-4.3p1-0.4.C30mdk.x86_64.rpm corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm Multi Network Firewall 2.0 X86 mnt/2.0/i586/openssh-4.3p1-0.4.M20mdk.i586.rpm mnt/2.0/i586/openssh-askpass-4.3p1-0.4.M20mdk.i586.rpm mnt/2.0/i586/openssh-askpass-gnome-4.3p1-0.4.M20mdk.i586.rpm mnt/2.0/i586/openssh-clients-4.3p1-0.4.M20mdk.i586.rpm mnt/2.0/i586/openssh-server-4.3p1-0.4.M20mdk.i586.rpm mnt/2.0/SRPMS/openssh-4.3p1-0.4.M20mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-common-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-clients-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-server-4.5p1-0.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/openssh-4.5p1-0.2mdv2007.0.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-common-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-clients-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-server-4.5p1-0.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/openssh-4.5p1-0.2mdv2007.0.src.rpm Corporate Server 4.0 X86 corporate/4.0/i586/openssh-4.3p1-0.5.20060mlcs4.i586.rpm corporate/4.0/i586/openssh-askpass-4.3p1-0.5.20060mlcs4.i586.rpm corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.i586.rpm corporate/4.0/i586/openssh-clients-4.3p1-0.5.20060mlcs4.i586.rpm corporate/4.0/i586/openssh-server-4.3p1-0.5.20060mlcs4.i586.rpm corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm X86_64 corporate/4.0/x86_64/openssh-4.3p1-0.5.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/openssh-askpass-4.3p1-0.5.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/openssh-clients-4.3p1-0.5.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/openssh-server-4.3p1-0.5.20060mlcs4.x86_64.rpm corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm Mandriva Linux 2007.1 X86 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-common-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-clients-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-server-4.6p1-1.1mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/openssh-4.6p1-1.1mdv2007.1.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-common-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-clients-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-server-4.6p1-1.1mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/openssh-4.6p1-1.1mdv2007.1.src.rpm Ubuntu (USN-566-1) Ubuntu 6.06 LTS openssh-client / patch 1:4.2p1-7ubuntu3.2 Ubuntu 6.10 openssh-client / patch 1:4.3p2-5ubuntu1.1 Ubuntu 7.04 openssh-client / patch 1:4.3p2-8ubuntu1.1 Ubuntu 7.10 openssh-client / patch 1:4.6p1-5ubuntu0.1 IBM AIX 6.1 http://downloads.sourceforge.net/openssh-aix/openssh-4.5p1-r2.tar.Z AIX 5.3 http://downloads.sourceforge.net/openssh-aix/openssh-4.5p1-r2.tar.Z AIX 5.2 De momento, no existe actualización. Visite periódicamente la siguiente página web: http://sourceforge.net/projects/openssh-aix Debian (DSA-1576-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz Arquitectura independiente http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb alpha (DEC Alpha) http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb Red Hat (RHSA-2008:0855-6) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux AS (v. 4.5.z) Red Hat Enterprise Linux Desktop (v. 5 cliente) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux ES (v. 4.5.z) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CVE-2007-4752
BID	25628
Other resources
OpenSSH security http://www.openssh.com/txt/release-4.7 Mandriva Security Advisory (MDKSA-2007:236) http://www.mandriva.com/security/advisories?name=MDKSA-2007:236 Ubuntu Security Advisory (USN-566-1) http://www.ubuntu.com/usn/usn-566-1 IBM Security Advisory http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=%2F200802%2FSECURITY%2F20080205%2Fdatafile155518 Debian Security Advisory (DSA-1576-1) http://lists.debian.org/debian-security-announce/2008/msg00153.html Red Hat Security Advisory (RHSA-2008:0855-6) http://rhn.redhat.com/errata/RHSA-2008-0855.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2007-09-14
1.1	Aviso emitido por Mandriva (MDKSA-2007:236)	2007-12-05
1.2	Aviso emitido por Ubuntu (USN-566-1)	2008-01-11
1.3	Aviso emitido por IBM	2008-02-07
1.4	Aviso emitido por Debian (DSA-1576-1)	2008-05-15
1.5	Aviso emitido por Red Hat (RHSA-2008:0855-6)	2008-08-25

Vulnerability Bulletins

Aumento de privilegios en OpenSSH

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history