SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Security)  >   SSH Vendors:   SSH Communications
SSH Communications SSH Secure Shell on IBM AIX Systems Lets Authenticated Remote Users Escape Their 'chroot' Directory
SecurityTracker Alert ID:  1004849
SecurityTracker URL:  http://securitytracker.com/id/1004849
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 26 2002
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.2.0 (Only vulnerable when the chroot functionality is used)
Description:   SSH Communications has released a security advisory warning of a vulnerability in version 3.2.0 of SSH Secure Shell for Servers and Secure Shell for Workstations, only affecting IBM AIX platforms. When chroot functionality is used, a remote authenticated user may be able to access directories and files located outside of the user's chroot directory.

According to the report, there is 'incorrect code' in SSH Secure Shell for Servers and SSH Secure Shell for Workstations version 3.2.0 on AIX that, when chroot functionality is used, allows all users to access all directories on the server. Normally, chroot functionality limits user access to a specified directory tree on the server; access is typically limited to the user's home directory and its subdirectories.

The specific nature of the flaw was not disclosed.
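The advisory does not say how the confinement failed, so the following does not reproduce the vendor's bug. It is an added illustration, not code from SSH Communications or from SecurityTracker, of what "access limited to the user's home directory and its subdirectories" means in practice: a userland path resolver of the kind an SFTP service needs if it confines users without relying on the kernel's chroot(2), shown beside the naive join that lets '..' walk out of the jail. The jail directory name and the sample client paths are constructed for the example.

```python
import posixpath

# Constructed for the example: the directory a confined user is supposed to be locked under.
JAIL_ROOT = "/home/sftpjail/alice"


def naive_resolve(jail_root: str, client_path: str) -> str:
    """Broken mapping: glues the client path onto the jail root without normalising it.

    A client path such as '../../../etc/passwd' therefore names a file outside the jail.
    """
    return jail_root.rstrip("/") + "/" + client_path.lstrip("/")


def escapes(jail_root: str, host_path: str) -> bool:
    """True when host_path, once normalised, is not the jail root or something below it."""
    jail = posixpath.normpath(jail_root)
    host = posixpath.normpath(host_path)
    return not (host == jail or host.startswith(jail + "/"))


def resolve_in_jail(jail_root: str, client_path: str, cwd: str = "/") -> str:
    """Map a client-supplied path to a host path that is guaranteed to lie under jail_root.

    The path is interpreted as the client sees it, with '/' meaning the jail root
    (the same view a chroot(2)'d process has) and relative paths hanging off cwd.
    """
    if "\0" in client_path:
        raise ValueError("NUL byte in path")
    if not cwd.startswith("/"):
        cwd = "/" + cwd
    # Build the path inside the client's view, then collapse '.', '..' and duplicate
    # slashes. For an absolute path normpath resolves '/..' to '/', exactly as the
    # kernel does for a process whose root is the jail, so no '..' survives.
    virtual = posixpath.normpath(posixpath.join(cwd, client_path))
    host = posixpath.normpath(posixpath.normpath(jail_root) + virtual)
    # Defence in depth: refuse anything that still lands outside the jail.
    if escapes(jail_root, host):
        raise PermissionError(f"{client_path!r} resolves outside the jail")
    return host
```

This check is lexical only; a symlink inside the jail that points at the host filesystem is not caught here, which is one reason the kernel-enforced chroot(2) is preferred and why a userland resolver must also canonicalise the host path (os.path.realpath) before opening anything.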

Impact:   An authenticated remote user could gain access to files on the system located outside of the user's chroot'd directory.
Solution:   The vendor has released a patch (in diff format), an AIX installation package, and instructions on how to perform the update. These are available at:

ftp://ftp.ssh.com/pub/ssh/patches

Commercial and non-commercial customers can apply the source diff file to the 3.2.0 release source code and create binaries for 3.2.1.

SSH notes that the installation package binaries require a license.dat file, which is available to all 3.2.0 customers on their installation CD or in the package they downloaded from the vendor's e-commerce site.

SSH strongly recommends that affected users update their software immediately.

Vendor URL:  www.ssh.com/products/ssh/advisories/AIX-chroot.cfm
Cause:   Access control error
Underlying OS:  UNIX (AIX)

Message History:   None.


 Source Message Contents

Subject:  SSH Secure Shell 3.2.0 for AIX Vulnerability


http://www.ssh.com/products/ssh/advisories/AIX-chroot.cfm

SSH has released a security advisory warning of a vulnerability in SSH
Secure Shell for Servers & Secure Shell for Workstations, version 3.2.0
only.  Only customers using AIX platforms with chroot functionality are
affected.

According to the report, there is 'incorrect code' in 3.2.0 on AIX when
chroot functionality is used that allows all users to have access to all
directories in the server.  Normally, chroot functionality limits user
access below a specified directory tree on the server.  Access is
typically limited to the user's home directory and its subdirectories. 

An authorized remote user could gain access to files on the system
located outside of the user's chroot'd directory.

SSH strongly recommends that affected users update their software
immediately.  

The vendor has released a patch (in diff format), an AIX installation
package, and instructions on how to perform the update.  These are
available at:

ftp://ftp.ssh.com/pub/ssh/patches

Commercial and non-commercial customers can apply the source diff file
to the 3.2.0 release source code and create binaries for 3.2.1.

SSH notes that the installation package binaries require a license.dat
file, which is available to all 3.2.0 customers on their installation CD
or on the package they have downloaded from our e-commerce site.



Copyright 2020, SecurityGlobal.net LLC