SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSH Vendors:   OpenSSH.org
(Trustix Issues Fix) OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
SecurityTracker Alert ID:  1002570
SecurityTracker URL:  http://securitytracker.com/id/1002570
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Oct 18 2001
Original Entry Date:  Oct 18 2001
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Versions of OpenSSH between 2.5 and 2.9.9
Description:   OpenSSH reported a weakness in OpenSSH's IP-based access control functions when configured for SSH v2 public key authentication. Remote users connecting from IP addresses that are to be restricted may be able to connect.

The vulnerability is due to a weakness in the source IP address access control features in the key file option handling. When source IP based access control is used for SSH protocol v2 public key authentication, the access controls may fail if the 'from=' key file option is enabled in combination with both RSA and DSA keys in the '~/.ssh/authorized_keys2' file.

Whether the vulnerability can be triggered or not reportedly depends on the order of the user keys in the file. If a source IP restricted key (e.g., DSA key) is immediately followed by a different type of key (e.g., RSA key), then the key options for the second key will be applied to both keys. These options include the 'from=' restriction.

OpenSSH reports that the fixed version (2.9.9) contains some changes that may affect users upgrading from previous versions. See the Source Message for details.

Impact:   Remote users with valid authentication credentials can circumvent the system policy and login from disallowed source IP addresses.
Solution:   The vendor has released a fix, available at:

<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Users of the SWUP tool can have updates automatically installed using 'swup --upgrade'.

MD5sums of the packages:
ce27541cececa243b00eb7f0fe014b52 ./1.5/SRPMS/openssh-2.9.9p2-2tr.src.rpm
25e1041233671118904e33a4a635ec25 ./1.5/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
d52614ffe8699d70ab38e232f4e6cdee ./1.5/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
f35edee01e9cd64f8fc2c7d9ca1d69a6 ./1.5/RPMS/openssh-2.9.9p2-2tr.i586.rpm
ce27541cececa243b00eb7f0fe014b52 ./1.2/SRPMS/openssh-2.9.9p2-2tr.src.rpm
e0b703f2aa122ffcc227e3221662c79b ./1.2/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
f72cfcff2e0c6015a82907199c4c1f8d ./1.2/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
1993d5406aea3b5cee61382fd8251c7b ./1.2/RPMS/openssh-2.9.9p2-2tr.i586.rpm
ce27541cececa243b00eb7f0fe014b52 ./1.1/SRPMS/openssh-2.9.9p2-2tr.src.rpm
59a2901dbb94b7fccd8b70ed6e8a397e ./1.1/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
030c0299b0d2d6a1be73af507e615439 ./1.1/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
a2663f08c24cedcc9a4bef80b524ea2d ./1.1/RPMS/openssh-2.9.9p2-2tr.i586.rpm

Vendor URL:  www.openssh.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Trustix)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 26 2001 OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations



 Source Message Contents

Subject:  TSLSA-2001-0023 - OpenSSH


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0023

Package name:      OpenSSH
Summary:           Possible login from disallowed source IP addresses.
Date:              2001-10-17
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  From the OpenSSH Security Advisory (adv.option):
    Depending on the order of the user keys in ~/.ssh/authorized_keys2
    sshd might fail to apply the source IP based access control
    restriction (e.g.  from="10.0.0.1") to the correct key.

    Impact:
    Users can circumvent the system policy and login from disallowed
    source IP addresses.

Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool, can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/>
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0023-openssh.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
ce27541cececa243b00eb7f0fe014b52 ./1.5/SRPMS/openssh-2.9.9p2-2tr.src.rpm
25e1041233671118904e33a4a635ec25 ./1.5/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
d52614ffe8699d70ab38e232f4e6cdee ./1.5/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
f35edee01e9cd64f8fc2c7d9ca1d69a6 ./1.5/RPMS/openssh-2.9.9p2-2tr.i586.rpm
ce27541cececa243b00eb7f0fe014b52 ./1.2/SRPMS/openssh-2.9.9p2-2tr.src.rpm
2f78f08cf93f1fd4df969d4d060e51b3 ./1.2/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
56121327d5df59a7cf496cf5e432bfd5 ./1.2/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
e9ad319aab3476f39f36394b39c82aa0 ./1.2/RPMS/openssh-2.9.9p2-2tr.i586.rpm
ce27541cececa243b00eb7f0fe014b52 ./1.1/SRPMS/openssh-2.9.9p2-2tr.src.rpm
566819db6cf81de6c7a6ec94d1c7ad01 ./1.1/RPMS/openssh-server-2.9.9p2-2tr.i586.rpm
517fdde2a4a9009cc6c5918280bd4bc2 ./1.1/RPMS/openssh-clients-2.9.9p2-2tr.i586.rpm
6d1ea6e77a9ded67380eab90252b2487 ./1.1/RPMS/openssh-2.9.9p2-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7zYOCwRTcg4BxxS0RAupfAJ9W0A4do56ym1b8Rc7wZ+QUCalKlACfS/xA
FRIYqiGZyGts8sZyqbh/dl0=
=+H9Y
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC