OpenSSH Buffer Mismanagement Vulnerabilities

OpenSSH Buffer Mismanagement Vulnerabilities

Solution:
HP have released a revised advisory (HPSBUX0309-282) and fixes for HP-UX 11.00, 11.11, 11.22 and 11.23. Customers are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying these fixes is available in the referenced advisory.

Revised Cisco advisory (ID:45322) is available. The advisory announces the release of a fix for CatOS and lists Cisco PGW 2200 Softswitch as a vulnerable product. See the referenced advisory for additional details.

SCO have released a revised advisory (CSSA-2003-SCO.24.1) that fixes a bug in previous fixes that caused SSH to work for a root login only. Affected users are advised to apply appropriate fixes as soon as possible. See referenced advisory for more details.

Sun has released an updated Sun Alert 56861 to address this issue. Additionally, fixes have been made available to address this issue and are linked below. See referenced advisory for additional details.

Patches to address this issue on affected Blue Coat Systems are pending release.

SCO has released an advisory (CSSA-2003-027.0) to address these issues on OpenLinux systems. Please see the referenced advisory for further detail regarding obtaining and applying fixes.

Cisco has released a revised security advisory (cisco-sa-20030917-openssh) containing details on affected and unaffected platforms. Additionally Cisco has released workarounds for CatOS in this advisory. Customers who are affected by this issue are advised to see the referenced Cisco advisory for further details. Fixes to address these issues are reported to be pending release. A fix release schedule for Cisco CatOS and other products is included in the advisory.

Cisco has also noted that attempts to exploit this issue may also trigger other SSH-related vulnerabilities that were previously reported. It is also possible that attempts to exploit those issues could also trigger a denial of service due to these issues.

Mandrake has released an advisory (MDKSA-2003:090-1) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible. Further information regarding the application of these fixes is available in the referenced advisory.

Debian has released an advisory (DSA-383-1) and fixes to address this issue in ssh-krb5. Affected users are advised to apply these fixes as soon as possible. Further information regarding the application of these fixes is available in the referenced advisory.

SuSE has released an updated advisory (SuSE-SA:2003:039) and fixes to address all of the reported issues. Please refer to the advisory for details on obtaining and applying fixes.

Slackware has updated their advisory (SSA:2003-259-01) to include fixes for the subsequent issues that have been reported. Affected users are advised to apply these fixes as soon as possible.

Mandrake has released an advisory (MDKSA-2003:090) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible. Further information regarding the application of these fixes is available in the referenced advisory. This advisory does not appear to address the subsequent issues.

Immunix has released a revised advisory (IMNX-2003-7+-020-02) and fixes to address these issues. Affected users are advised to apply these fixes as soon as possible. Further information regarding applying fixes is available in the referenced advisory.

Debian has released a revised advisory (DSA-382-2) and fixes to address all of the buffer mismanagement issues. Affected users are advised to apply these fixes as soon as possible. Further information regarding applying fixes is available in the referenced advisory.

FreeBSD has updated FreeBSD-SA-03:12 to include fix information for all reported issues. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released an updated version of their advisory (RHSA-2003:279-02) and fixes to address all of the issues. Affected users are advised to apply these fixes as soon as possible. Further information regarding applying fixes is available in the referenced advisory.

EnGarde has released a revised advisory (ESA-20030916-024) to address all of the reported issues. Please see the attached advisory for details on obtaining and applying fixes. EnGarde customers can apply updates automatically via the Guardian Digital WebTool.

Gentoo has released an updated advisory (200309-12) for this issue. Gentoo upgrades can still be applied using the following commands:

emerge sync
emerge openssh
emerge clean

Revised OpenBSD patches are available.

Trustix has released an advisory (TSLSA-2003-0033) that addresses these issues. Please see the attached advisory for details on obtaining and applying fixes.

OpenPKG has released an advisory (OpenPKG-SA-2003.040) to address these issues. See the attached advisory for details on obtaining and applying fixes.

TurboLinux has released an advisory. Please see the attached advisory reference for details on obtaining and applying fixes for TurboLinux.

An advisory has been released for Sorcerer Linux (SORCERER2003-09-17). This advisory only appears to address the initial buffer.c issue and not the additional issues. Please see the advisory for details on applying upgrades.

Conectiva has released an updated advisory (CLA-2003:741) that addresses all of the reported issues. This advisory supercedes CLSA-2003:739. Please refer to CLA-2003:741 for details on obtaining and applying fixes.

NetBSD has released an advisory to address the reported issues. Please see the advisory for details on how to upgrade. NetBSD sources dated 2003-09-17 and prior should be updated to sources dated 2003-09-18 or later.

An advisory is available for Yellow Dog Linux that addresses all of the issues. Yellow Dog may be updated automatically with the yum program. Manual updates are also available.

F-Secure SSH versions (supporting SSH1 only) that were shipped prior to 1998 are prone to these issues, up to and including 1.3.14. These issues are not present in SSH versions 1.3.15 and later. Users are advised to upgrade to recent versions that support SSH2.

OpenSSH included in Openwall GNU/*/Linux is prone to these issues. Updates have been released for Openwall. Users should contact the vendor to obtain these updates.

Sun has confirmed that OpenSSH on Solaris 9 is prone to the issue. Sun Alert 56861 has been released to address this issue. Additionally, temporary fixes have been made available to address this issue. See referenced advisory for additional details.

Network Appliance has stated that SecureAdmin 3.0 on filer and SecureAdmin for NetCache releases 5.5 and above are prone to these issues. Workaround and fix information can be obtained from the vendor.

Cray has stated that the Cray Open Software (COS) package is vulnerable. Fixes will be included in the next COS release.

IBM has stated that vulnerable versions are included in the AIX Toolbox for Linux and the Bonus Pack. OpenSSH 3.4p1, revision 9 in the AIX Toolbox for Linux contains fixes for these issues. Fixes for the Bonus Pack are pending.

** OpenSSH has updated their advisory, suggesting that users upgrade to 3.7.1 instead of 3.7 due to additional issues. The initial vendor fixes do not appear to address these additional issues and many vendors are re-issuing fixes.

Additional Debian advisory DSA-382-3 and fixes have been released. Please see the referenced advisory for more details.

Debian advisory DSA-383-2 and updated fixes have been released. Please see the references advisory for more details.

HP advisory HPSBUX0309-282 and updated fixes have been released. Please see the references advisory for more details.

Stonesoft has released an advisory to address this issue. Please see the web reference for more information.

NetScreen has released an advisory to address this issue. Please see the web reference for more information.

Apple has released security advisory APPLE-SA-2003-09-22 to address this issue. See referenced advisory for additional details.

Sun has released an advisory for Sun Linux to address this issue. Affected users are advised to disable OpenSSH until fixes are available. See referenced advisory for additional details.

SCO has released a fixes for UnixWare 7.1.1, 7.1.3 and Open UNIX 8.0.0. It is listed in advisory CSSA-2003-SCO.22. SCO has also made fixes available for OpenServer 5.0.7, released with advisory CSSA-2003-SCO.24.

CERT has released an advisory CA-2003-24.2 to address this issue. Please see the referenced advisory for more details.

SGI has released advisory 20030904-01-P with fixes to address this issue. SGI has also released an updated advisory 20030904-02-P that includes patches with a more explicit version number to help to differentiate between fixed versions.

Novell has released an advisory (TID2967067) to address these issues. Please see the advisory for further information on how to apply fixes.

Sun have released fixes to address this issue in Sun Linux 5.0.7. Users
who are affected by this issue are advised to apply relevant fixes as soon
as possible. Please see Sun reference (Sun Linux Support - Sun Linux
Patches (Sun)) for further details regarding obtaining and applying
appropriate fixes.

Snapgear has released a pre-release (1.8.5) to address this issue.

Foundry Networks has stated that patches for their affected products are pended. Customers have been advised to contact Foundry?s Technical Assistance Center (TAC) for more information on their release.

Sun has released an update to address this issue in Sun Cobalt RaQ550. Please see the referenced web page for more information.

HP has released a security advisory containing fixes to address this issue for OpenSSH on VirtualVault releases. Users are advised to upgrade by applying the PHSS referenced below.

Revised HP security advisory HPSBUX0311-302 (Rev.1) has been released.

Novell has released Technical Information Document TID2968534 to address issues with NetWare 6.5 Support Pack 1.1(a), which included a fix for these issues. Novell has also released NetWare 6.5 Support Pack 1.1(b) to fix NetWare 6.5 Support Pack 1.1(a). Please see the document in web references for more information.

Fixes available:

RedHat openssh-2.9p2-7.i386.rpm