Vulnerability Bulletins
Privilege escalation in OpenSSH

Vulnerability classification

Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Expert |
Attacker requirements | Remote access, without an account, to a standard service |

System information

Property | Value |
Affected vendor | GNU/Linux |
Affected software | OpenSSH < 4.7 |

Description
A vulnerability has been found in the ssh client of OpenSSH versions prior to 4.7. The flaw lies in how the client reacts when an untrusted X11 cookie cannot be created: instead of failing, it falls back to using a trusted X11 cookie. A remote attacker could escalate privileges by causing an X client to be treated as trusted.
|
Solution

Update the OpenSSH software.

OpenSSH version 4.7
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/

Mandriva (MDKSA-2007:236)

Corporate Server 3.0, x86:
corporate/3.0/i586/openssh-4.3p1-0.4.C30mdk.i586.rpm
corporate/3.0/i586/openssh-askpass-4.3p1-0.4.C30mdk.i586.rpm
corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.4.C30mdk.i586.rpm
corporate/3.0/i586/openssh-clients-4.3p1-0.4.C30mdk.i586.rpm
corporate/3.0/i586/openssh-server-4.3p1-0.4.C30mdk.i586.rpm
corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

Corporate Server 3.0, x86_64:
corporate/3.0/x86_64/openssh-4.3p1-0.4.C30mdk.x86_64.rpm
corporate/3.0/x86_64/openssh-askpass-4.3p1-0.4.C30mdk.x86_64.rpm
corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.C30mdk.x86_64.rpm
corporate/3.0/x86_64/openssh-clients-4.3p1-0.4.C30mdk.x86_64.rpm
corporate/3.0/x86_64/openssh-server-4.3p1-0.4.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

Multi Network Firewall 2.0, x86:
mnt/2.0/i586/openssh-4.3p1-0.4.M20mdk.i586.rpm
mnt/2.0/i586/openssh-askpass-4.3p1-0.4.M20mdk.i586.rpm
mnt/2.0/i586/openssh-askpass-gnome-4.3p1-0.4.M20mdk.i586.rpm
mnt/2.0/i586/openssh-clients-4.3p1-0.4.M20mdk.i586.rpm
mnt/2.0/i586/openssh-server-4.3p1-0.4.M20mdk.i586.rpm
mnt/2.0/SRPMS/openssh-4.3p1-0.4.M20mdk.src.rpm

Mandriva Linux 2007, x86:
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-common-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-clients-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/openssh-server-4.5p1-0.2mdv2007.0.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/openssh-4.5p1-0.2mdv2007.0.src.rpm

Mandriva Linux 2007, x86_64:
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-common-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-clients-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/openssh-server-4.5p1-0.2mdv2007.0.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/openssh-4.5p1-0.2mdv2007.0.src.rpm

Corporate Server 4.0, x86:
corporate/4.0/i586/openssh-4.3p1-0.5.20060mlcs4.i586.rpm
corporate/4.0/i586/openssh-askpass-4.3p1-0.5.20060mlcs4.i586.rpm
corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.i586.rpm
corporate/4.0/i586/openssh-clients-4.3p1-0.5.20060mlcs4.i586.rpm
corporate/4.0/i586/openssh-server-4.3p1-0.5.20060mlcs4.i586.rpm
corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

Corporate Server 4.0, x86_64:
corporate/4.0/x86_64/openssh-4.3p1-0.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/openssh-askpass-4.3p1-0.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/openssh-clients-4.3p1-0.5.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/openssh-server-4.3p1-0.5.20060mlcs4.x86_64.rpm
corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

Mandriva Linux 2007.1, x86:
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-common-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-clients-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/openssh-server-4.6p1-1.1mdv2007.1.i586.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/openssh-4.6p1-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1, x86_64:
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-common-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-clients-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/openssh-server-4.6p1-1.1mdv2007.1.x86_64.rpm
ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/openssh-4.6p1-1.1mdv2007.1.src.rpm

Ubuntu (USN-566-1)

Ubuntu 6.06 LTS: openssh-client, patched version 1:4.2p1-7ubuntu3.2
Ubuntu 6.10: openssh-client, patched version 1:4.3p2-5ubuntu1.1
Ubuntu 7.04: openssh-client, patched version 1:4.3p2-8ubuntu1.1
Ubuntu 7.10: openssh-client, patched version 1:4.6p1-5ubuntu0.1

IBM

AIX 6.1: http://downloads.sourceforge.net/openssh-aix/openssh-4.5p1-r2.tar.Z
AIX 5.3: http://downloads.sourceforge.net/openssh-aix/openssh-4.5p1-r2.tar.Z
AIX 5.2: no update is available at this time. Check the following page periodically: http://sourceforge.net/projects/openssh-aix

Debian (DSA-1576-1)

Debian Linux 4.0, source:
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz

Architecture independent:
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb

alpha (DEC Alpha):
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb

amd64 (AMD x86_64 (AMD64)):
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb

hppa (HP PA RISC):
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb

i386 (Intel ia32):
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb

ia64 (Intel ia64):
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb

powerpc (PowerPC):
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb

sparc (Sun SPARC/UltraSPARC):
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb

Red Hat (RHSA-2008:0855-6)

Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/
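As an added example (not part of this bulletin, and not tooling from OpenSSH or any of the vendors listed), the following Python helper triages an inventory of hosts against this advisory. It combines the upstream rule from the classification tables (OpenSSH < 4.7 is affected) with the patched package versions the Solution section lists for Ubuntu, Debian and Mandriva: those distributions backport the fix while keeping an upstream version number below 4.7, so a check that only reads the `ssh -V` banner would report them as still vulnerable. The host inventory, the `dpkg`-style version comparison (a simplified re-implementation written for this example, not dpkg's own code) and all function names are constructed here.

```python
import re
from itertools import zip_longest

# Upstream rule stated in the bulletin: OpenSSH < 4.7 is affected.
FIXED_UPSTREAM = (4, 7)

# Distribution packages that backport the fix but keep an older upstream
# version number; the values are the patched versions named in the
# bulletin's Solution section. A plain "< 4.7" check would flag all of them.
FIXED_DISTRO_PACKAGES = {
    "ubuntu-6.06": "1:4.2p1-7ubuntu3.2",
    "ubuntu-6.10": "1:4.3p2-5ubuntu1.1",
    "ubuntu-7.04": "1:4.3p2-8ubuntu1.1",
    "ubuntu-7.10": "1:4.6p1-5ubuntu0.1",
    "debian-4.0": "4.3p2-9etch1",
    "mandriva-2007.0": "4.5p1-0.2mdv2007.0",
    "mandriva-2007.1": "4.6p1-1.1mdv2007.1",
}

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(banner):
    """Return (major, minor) from an `ssh -V` line or an SSH protocol banner
    such as 'SSH-2.0-OpenSSH_4.6p1 Debian-5ubuntu0.1'; None if not OpenSSH."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def upstream_affected(banner):
    """True when the upstream version in the banner is below 4.7."""
    v = parse_openssh_version(banner)
    if v is None:
        raise ValueError("no OpenSSH version string in: %r" % banner)
    return v < FIXED_UPSTREAM


def _char_order(c):
    # dpkg ordering for non-digit characters: '~' sorts before the end of
    # the string, letters sort before every other character.
    if c == "":
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256


def _cmp_fragment(a, b):
    """Compare one version fragment the way dpkg does: alternate non-digit
    runs (ordered by _char_order) and digit runs (compared numerically)."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _char_order(x) != _char_order(y):
                return -1 if _char_order(x) < _char_order(y) else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0


def compare_package_versions(v1, v2):
    """Simplified dpkg comparison of '[epoch:]upstream[-revision]'; -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def is_affected(banner, distro=None, package_version=None):
    """Upstream check, overridden by the backport table when the distribution
    and the installed package version are known."""
    fixed = FIXED_DISTRO_PACKAGES.get(distro)
    if fixed is not None and package_version is not None:
        return compare_package_versions(package_version, fixed) < 0
    return upstream_affected(banner)


# Constructed sample inventory: (host, `ssh -V` output, distro, package version).
SAMPLE_HOSTS = [
    ("build01", "OpenSSH_4.6p1 Debian-5ubuntu0.1, OpenSSL 0.9.8e 23 Feb 2007",
     "ubuntu-7.10", "1:4.6p1-5ubuntu0.1"),
    ("build02", "OpenSSH_4.3p2 Debian-8ubuntu1, OpenSSL 0.9.8c 05 Sep 2006",
     "ubuntu-7.04", "1:4.3p2-8ubuntu1"),
    ("bsd01", "OpenSSH_4.7, OpenSSL 0.9.7j 04 May 2006", None, None),
    ("aix01", "OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006", None, None),
]


def triage(hosts=SAMPLE_HOSTS):
    """Return the names of the hosts still affected by the advisory."""
    return [h for h, banner, distro, pkg in hosts if is_affected(banner, distro, pkg)]


if __name__ == "__main__":
    print("affected hosts:", triage())
```

In the sample inventory, build01 runs a backported Ubuntu package at exactly the patched version and is cleared even though its banner says 4.6, while build02 is one revision short of the patched package and stays flagged. Hosts without package data (bsd01, aix01) fall back to the banner rule, which over-reports backports: the AIX 4.5p1-r2 build named in the Solution section would need its own entry in the table before this check could clear it.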
|
Standard identifiers

Property | Value |
CVE | CVE-2007-4752 |
BID | 25628 |

Additional resources

OpenSSH security: http://www.openssh.com/txt/release-4.7
Mandriva Security Advisory (MDKSA-2007:236): http://www.mandriva.com/security/advisories?name=MDKSA-2007:236
Ubuntu Security Advisory (USN-566-1): http://www.ubuntu.com/usn/usn-566-1
IBM Security Advisory: http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=%2F200802%2FSECURITY%2F20080205%2Fdatafile155518
Debian Security Advisory (DSA-1576-1): http://lists.debian.org/debian-security-announce/2008/msg00153.html
Red Hat Security Advisory (RHSA-2008:0855-6): http://rhn.redhat.com/errata/RHSA-2008-0855.html
Version history

Version | Comment | Date |
1.0 | Bulletin issued | 2007-09-14 |
1.1 | Advisory issued by Mandriva (MDKSA-2007:236) | 2007-12-05 |
1.2 | Advisory issued by Ubuntu (USN-566-1) | 2008-01-11 |
1.3 | Advisory issued by IBM | 2008-02-07 |
1.4 | Advisory issued by Debian (DSA-1576-1) | 2008-05-15 |
1.5 | Advisory issued by Red Hat (RHSA-2008:0855-6) | 2008-08-25 |