SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   SSH Vendors:   Sun
Sun Solaris sshd May Fail to Log SSH Client IP Addresses
SecurityTracker Alert ID:  1009708
SecurityTracker URL:  http://securitytracker.com/id/1009708
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 8 2004
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Sun Secure Shell Daemon (sshd(1M)). In a certain configuration, the system may not log SSH client IP addresses.

Sun reported that there is a flaw in the Sun Secure Shell Daemon (sshd(1M)) when in a certain configuration. The daemon may fail to log the IP address of client systems that connect using the ssh(1) client utility. Instead, the daemon will log all zeros rather than the correct IP address.

An example of an incorrect log entry is provided:

Apr 2 16:38:16 sunhost sshd[124383]: [ID 800047 auth.info] Accepted
password for username from 0.0.0.0 port 53979 ssh2

Sun states that the system is only affected if the sshd configuration file (sshd_config(4); '/etc/ssh/sshd_config') has the "ListenAddress" keyword configured as "0.0.0.0".

Solaris 9 is affected. Solaris 7 and 8 are not affected because they do not include the Sun Secure Shell Daemon (sshd(1M)).

Impact:   The system may fail to log SSH client IP addresses.
Solution:   Sun has issued the following fixes:

SPARC Platform

Solaris 9 with patch 113273-05 or later

x86 Platform

Solaris 9 with patch 114858-04 or later

Also, a workaround is provided in the Sun Alert, available at:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57538

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57538 (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  Solaris 9

Message History:   None.


 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57538


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57538

57538   The Sun Secure Shell Daemon (sshd(1M)) May Fail to Log SSH Client IP Addresses   7 
Apr 2004

Sun reported that there is a flaw in the Sun Secure Shell Daemon (sshd(1M)) when in a 
certain configuration.  The daemon may fail to log the IP address of client systems that 
connect using the ssh(1) client utility.  Instead, the daemon will log all zeros rather 
than the correct IP address.

Solaris 9 is affected.  Solaris 7 and 8 are not affected because they do not include the 
Sun Secure Shell Daemon (sshd(1M)).

Sun reports that the system is only affected if the sshd configuration file 
(sshd_config(4); '/etc/ssh/sshd_config') has the "ListenAddress" keyword configured as 
"0.0.0.0".



An example of an incorrect log entry is provided:

     Apr  2 16:38:16 sunhost sshd[124383]: [ID 800047 auth.info] Accepted
     password for username from 0.0.0.0 port 53979 ssh2


Sun has issued the following fixes:

SPARC Platform

Solaris 9 with patch 113273-05 or later

x86 Platform

Solaris 9 with patch 114858-04 or later


Also, a workaround is provided in the Sun Alert.


-----

Sun Alert ID: 57538
Synopsis: The Sun Secure Shell Daemon (sshd(1M)) May Fail to Log SSH Client IP Addresses
Category: Security
Product: Solaris
BugIDs: 4725702
Avoidance: Patch, Workaround
State: Resolved
Date Released: 07-Apr-2004
Date Closed: 07-Apr-2004
Date Modified:

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC