TUCoPS :: Unix :: General
:: n-158.txt
CERT Portable OpenSSH server PAM vulnerability (CIAC N-158)
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
CERT: Portable OpenSSH server PAM Vulnerability
[Vulnerability Note VU#209807]
September 30, 2003 18:00 GMT Number N-158
______________________________________________________________________________
PROBLEM: A vulnerability in the Portable OpenSSH server that may corrupt
the PAM conversion stack.
PLATFORM: OpenSSH 3.7.1p1 (portable)
DAMAGE: The complete impact of this vulnerability is not yet known, but
may lead to privilege escalation, or a denial of service.
SOLUTION: Change the config file or apply upgrades.
(Note--changing the config file for CIAC N-157 CERT OpenSSH
PAM challenge authentication failure, fixes this.)
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. The complete impact of this vulnerability
ASSESSMENT: is not yet known, but may lead to privilege escalation, or a
denial of service.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/n-158.shtml
ORIGINAL BULLETIN: http://www.kb.cert.org/vuls/id/209807
______________________________________________________________________________
[***** Start Vulnerability Note VU#209807 *****]
Vulnerability Note VU#209807
Portable OpenSSH server PAM conversion stack corruption
Overview
There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM
conversion stack.
I. Description
The Portable OpenSSH server contains a vulnerability that may permit an attacker to
corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that
the OpenBSD-specific releases are not affected by this issue.
II. Impact
The complete impact of this vulnerability is not yet known, but may lead to privilege
escalation, or a denial of service.
III. Solution
OpenSSH has announced version 3.7.1p2 to resolve this issue.
This issue can be mitigated by not using PAM. Set "UsePAM no" in sshd_config.
Systems Affected
Vendor Status Date Updated
OpenSSH Vulnerable 24-Sep-2003
References
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106432248311634&w=2
http://www.openssh.com/txt/sshpam.adv
Credit
Thanks to OpenSSH for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
Date Public 09/23/2003
Date First Published 09/24/2003 11:06:09 AM
Date Last Updated 09/24/2003
CERT Advisory
CVE Name CAN-2003-0787
Metric 1.50
Document Revision 2
[***** End Vulnerability Note VU#209807 *****]
Site design & layout copyright © 1986-2025 AOH