SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSH Vendors:   OpenSSH.org
(TurboLinux Issues Fix) Re: Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
SecurityTracker Alert ID:  1007810
SecurityTracker URL:  http://securitytracker.com/id/1007810
CVE Reference:   CVE-2003-0786, CVE-2003-0787   (Links to External Site)
Updated:  Dec 1 2003
Original Entry Date:  Sep 25 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Portable Version Only; 3.7p1 and 3.7.1p1
Description:   A vulnerability was reported in two specific portable versions of OpenSSH in the PAM implementation. A remote user may be able to execute arbitrary code.

It is reported that there are multiple flaws in the new PAM code in portable OpenSSH versions 3.7p1 and 3.7.1p1. In at least one bug, a remote user can cause arbitrary code to be executed on the target system when the target system is in a non-standard configuration (with privsep disabled).

The vendor notes that the OpenBSD releases of OpenSSH do not contain this code and, therefore, are not vulnerable. Also, portable OpenSSH versions prior to 3.6.1p2 are also not affected.

Impact:   A remote user may be able to execute arbitrary code on the target system wtih root privileges.
Solution:   Turbolinux has issued a fix.

Turbolinux 8 Server:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 28e1c71d64011fdeb6890bd1d8804388

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
194122 9a47b953d0e74bfa79a9c1f43f71dc0b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33827 dd95b2007be192ee180fa1ebf9a88507
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i586.rpm
15063 773ec94a46423affa6f2fcfa7eb2bf69
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
216067 a564350ed7e95eae22c67f93dc257a7d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
232433 e5190c2645f2434bcdd8efaaf4380a6c

Turbolinux 8 Workstation:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 9b3681f7e3b5d46476f9b2dadbf656d6

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
194125 72f3152f1a0d92b008656484e52721a4
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33851 1e24e132581470557f0298c49c1c3911
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
216079 b33a5ac4e3e955aa20bfb1597d72678c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
232441 3b100ecab1d481348b2d9c34bc13eefd

Turbolinux 7 Server:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 5b7552ce227d1fa6e31164dfd74fe579

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
189907 91aa0affe5082af3a66c8d4e5d2c577e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33396 2755d5054107224c792cffce76cd886c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
209945 352a3c633c8f743475cb9a31a81f7d2d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
224672 05227a78e45e52c5188719e8431877ef

Turbolinux 7 Workstation:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 0cf920c645518accdd6d1369d5902fca

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
189890 138e1ba2457c3bd1b23fadb3723b2e5b
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
33390 b9f74e65f3a22c8bf97b374d4ae4f5c7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
209892 dab0ba262edcbaf7de1c380f163a7475
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
224652 74f5869f1ed88d43f1f04de91a8312c4

Turbolinux Server 6.5:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 b83358d4ddc0e16c0971ea11044c532b

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212515 5c62cd0702ef1f0d17beb453063ae00d
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33089 c8c9718c5eefbc43b3117677d891b07f
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242671 1af40c215cd0a70a9dea6604aeff7a6a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256928 70b46c9f15a3f89f40a9ef29415a7737

Turbolinux Advanced Server 6:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 9d91a813f8000917735ae48e17111ca1

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212519 16a6bd62fbb4b552b373934e383ae77e
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33052 60e792b20c88e9a72269f8228f097927
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14745 a9b3b17c787aedc36de18e5fb8e7386c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242660 9784f16ae31a3b60c9f4816a47097419
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256937 2d9143191ee571ce825cfa7b2328d798

Turbolinux Server 6.1:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 c1c1d4080e488c7268e3d07d93721e54

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212493 a3303ce5d8840e9dea2d37953aed1533
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14746 9719a5b46e279e51f79f2d62d9f2e486
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242653 1ad928affe945c9f4ed16a88fd50d27c
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256900 20678d3a42f343f719ee5714935b7145

Turbolinux Workstation 6.0:

Source Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
841803 7ab6a9ff0498668f34d5808765241c24

Binary Packages
Size : MD5

ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
212455 91b1c2bac21f19fcf164ace0cb35738a
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
33059 9c0cbfc3c6e95c93bf46ce4ce5b46647
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
14741 f7f2f56a8926f035f7a88a0056b59fd7
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
242573 4ac5947c8216e9126a86b6e817a42636
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
256873 12261912bdd5ede5abcbbd868f936ffe

Vendor URL:  www.openssh.com/txt/sshpam.adv (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Turbo Linux)
Underlying OS Comments:  6.0, 6.1, 6.5, 7, 8

Message History:   This archive entry is a follow-up to the message listed below.
Sep 23 2003 Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code



 Source Message Contents

Subject:  [Full-Disclosure] [TURBOLINUX SECURITY INFO] 24/Sep/2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 24/Sep/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) openssh -> Multiple PAM vulnerabilities in portable OpenSSH


===========================================================
* openssh -> Multiple PAM vulnerabilities in portable OpenSSH
===========================================================

More information :
    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
    that increasing numbers of people on the Internet are coming to rely on. 
    Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities
    in the new PAM code.

 Impact :
    This vulnerability may allow a remote attacker to execute arbitrary code.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0


 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 28e1c71d64011fdeb6890bd1d8804388

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       194122 9a47b953d0e74bfa79a9c1f43f71dc0b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33827 dd95b2007be192ee180fa1ebf9a88507
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i586.rpm
        15063 773ec94a46423affa6f2fcfa7eb2bf69
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       216067 a564350ed7e95eae22c67f93dc257a7d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       232433 e5190c2645f2434bcdd8efaaf4380a6c

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 9b3681f7e3b5d46476f9b2dadbf656d6

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       194125 72f3152f1a0d92b008656484e52721a4
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33851 1e24e132581470557f0298c49c1c3911
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       216079 b33a5ac4e3e955aa20bfb1597d72678c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       232441 3b100ecab1d481348b2d9c34bc13eefd

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 5b7552ce227d1fa6e31164dfd74fe579

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       189907 91aa0affe5082af3a66c8d4e5d2c577e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33396 2755d5054107224c792cffce76cd886c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       209945 352a3c633c8f743475cb9a31a81f7d2d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       224672 05227a78e45e52c5188719e8431877ef

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 0cf920c645518accdd6d1369d5902fca

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-3.7.1p2-1.i586.rpm
       189890 138e1ba2457c3bd1b23fadb3723b2e5b
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-askpass-3.7.1p2-1.i586.rpm
        33390 b9f74e65f3a22c8bf97b374d4ae4f5c7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-clients-3.7.1p2-1.i586.rpm
       209892 dab0ba262edcbaf7de1c380f163a7475
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/openssh-server-3.7.1p2-1.i586.rpm
       224652 74f5869f1ed88d43f1f04de91a8312c4

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 b83358d4ddc0e16c0971ea11044c532b

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212515 5c62cd0702ef1f0d17beb453063ae00d
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33089 c8c9718c5eefbc43b3117677d891b07f
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242671 1af40c215cd0a70a9dea6604aeff7a6a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256928 70b46c9f15a3f89f40a9ef29415a7737

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 9d91a813f8000917735ae48e17111ca1

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212519 16a6bd62fbb4b552b373934e383ae77e
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33052 60e792b20c88e9a72269f8228f097927
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14745 a9b3b17c787aedc36de18e5fb8e7386c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242660 9784f16ae31a3b60c9f4816a47097419
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256937 2d9143191ee571ce825cfa7b2328d798

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 c1c1d4080e488c7268e3d07d93721e54

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212493 a3303ce5d8840e9dea2d37953aed1533
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14746 9719a5b46e279e51f79f2d62d9f2e486
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242653 1ad928affe945c9f4ed16a88fd50d27c
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256900 20678d3a42f343f719ee5714935b7145

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/openssh-3.7.1p2-1.src.rpm
       841803 7ab6a9ff0498668f34d5808765241c24

   Binary Packages
   Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-3.7.1p2-1.i386.rpm
       212455 91b1c2bac21f19fcf164ace0cb35738a
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-3.7.1p2-1.i386.rpm
        33059 9c0cbfc3c6e95c93bf46ce4ce5b46647
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-askpass-gnome-3.7.1p2-1.i386.rpm
        14741 f7f2f56a8926f035f7a88a0056b59fd7
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-clients-3.7.1p2-1.i386.rpm
       242573 4ac5947c8216e9126a86b6e817a42636
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/openssh-server-3.7.1p2-1.i386.rpm
       256873 12261912bdd5ede5abcbbd868f936ffe


 Notice :
    After performing the update, it is necessary to restart the sshd secure shell daemon.
    To do this, run the following command as user root.
 ---------------------------------------------
 # /etc/init.d/sshd restart
 or
 # /etc/rc.d/init.d/sshd restart
 ---------------------------------------------


 References :

 OpenSSH Security Advisory
   [Portable OpenSSH Security Advisory: sshpam.adv]
   http://www.openssh.com/txt/sshpam.adv

 openssh-unix-announce
   [Multiple PAM vulnerabilities in portable OpenSSH]
   http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000068.html

 CVE
   [CAN-2003-0682]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

 Turbolinux Security Advisory
   [TLSA-2003-51]
   http://www.turbolinux.com/security/TLSA-2003-51.txt


 --------------------------------------------------------------------------
 Revision History
    24 Sep 2003 Initial release
 --------------------------------------------------------------------------


 * You may need to update the turbopkg tool before applying the update.
Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

Package Update Path
http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

 http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to chage email address in this mailing list,
  you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact
<supp_info@turbolinux.co.jp>

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/cZ0NK0LzjOqIJMwRAkS3AJsGtRi1QFl5vBginyoaGgPUy3GzDQCgtQH+
d7cm7WRRif3u1VaFh6xfW2o=
=JtIU
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC