CVE-2003-0786
CVSS 10.0
Published: 2003-11-17 00:00:00
Last revised: 2008-09-10 15:20:26

[Original] The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.


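[CNNVD] Multiple OpenSSH PAM security vulnerabilities (CNNVD-200311-068)

OpenSSH is an open-source implementation of the SSH protocol. It was originally written for the OpenBSD platform and has since been ported to many Unix/Linux-like operating systems.
OpenSSH 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in their PAM-related code. Remote attackers can exploit these vulnerabilities and may gain unauthorized access to the system.
These issues arise in a nonstandard configuration in which privilege separation is not used. No detailed vulnerability information is currently available.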

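- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]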

- CPE (affected platforms and products)

cpe:/a:openbsd:openssh:3.7.1p1    OpenBSD OpenSSH 3.7.1 p1
cpe:/a:openbsd:openssh:3.7.1    OpenBSD OpenSSH 3.7.1

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0786
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0786
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-068
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/602204
(UNKNOWN)  CERT-VN  VU#602204
http://www.openssh.com/txt/sshpam.adv
(UNKNOWN)  CONFIRM  http://www.openssh.com/txt/sshpam.adv
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html
(UNKNOWN)  FULLDISC  20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
http://www.securityfocus.com/bid/8677
(UNKNOWN)  BID  8677
http://www.securityfocus.com/archive/1/338617
(UNKNOWN)  BUGTRAQ  20030923 Multiple PAM vulnerabilities in portable OpenSSH
http://www.securityfocus.com/archive/1/338616
(UNKNOWN)  BUGTRAQ  20030923 Portable OpenSSH 3.7.1p2 released

- Vulnerability information

Multiple OpenSSH PAM security vulnerabilities
Critical Unknown
2003-11-17 00:00:00 2006-03-28 00:00:00
Remote

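- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * PAM support can be turned off by setting the "UsePam no" option in sshd_config.
        Vendor patch:
        OpenSSH
        -------
        The vendor has released an upgrade that fixes this security issue. Download the upgrade to OpenSSH 3.7.1p2 from the vendor's home page:
        
        http://www.openssh.com/portable.html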

- Vulnerability information

6071
OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
Local Access Required, Remote / Network Access Authentication Management, Input Manipulation, Misconfiguration
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

OpenSSH contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the SSH server is configured to use PAM, SSHv1, and challenge-response authentication; the server fails to check the results of its authentication check, and will allow a challenge-response authentication even if the credentials supplied are insufficient. This flaw may lead to a loss of confidentiality and/or integrity.

- Timeline

2003-09-23 Unknown
2003-09-23 Unknown

- Solution

Upgrade to version 3.7.1p2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, disabling support for PAM in the sshd_config file, disabling support for SSHv1, or by disabling challenge-response authentication.
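
The triggering conditions and workarounds listed in this entry can be checked against a server's configuration. The following is an added example, not code from the OpenSSH project or from this database: it reports whether an `sshd_config` combines PAM, SSHv1, challenge-response authentication and disabled privilege separation. The function names, the sample configurations and the `DEFAULTS` table (assumed defaults for a 3.7.x-era build) are assumptions.

```python
# Added example: flags an sshd_config that matches the conditions this entry lists.
# DEFAULTS are assumed 3.7.x-era values for unset keywords; adjust for your build.
DEFAULTS = {
    "usepam": "no",
    "protocol": "2,1",
    "challengeresponseauthentication": "yes",
    "useprivilegeseparation": "yes",
}

def effective_settings(config_text):
    """Return the effective value of each tracked keyword (first occurrence wins)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key in DEFAULTS and key not in settings:
            settings[key] = value
    return {k: settings.get(k, d) for k, d in DEFAULTS.items()}

def trigger_conditions(config_text):
    """Map each condition named in the entry to whether the config meets it."""
    s = effective_settings(config_text)
    return {
        "PAM enabled": s["usepam"] == "yes",
        "SSHv1 accepted": "1" in [p.strip() for p in s["protocol"].split(",")],
        "challenge-response enabled": s["challengeresponseauthentication"] == "yes",
        "privilege separation disabled": s["useprivilegeseparation"] == "no",
    }

def is_exposed(config_text):
    return all(trigger_conditions(config_text).values())

# Constructed sample configurations (not taken from any real host).
WEAK = """
Protocol 2,1
UsePAM yes
ChallengeResponseAuthentication yes
UsePrivilegeSeparation no
"""
HARDENED = WEAK.replace("UsePAM yes", "UsePam no")  # workaround quoted in this entry

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, is_exposed(text), trigger_conditions(text))
```

A clean result only means the configuration does not match the listed conditions; the upgrade to 3.7.1p2 remains the fix the entry recommends.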

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Multiple Portable OpenSSH PAM Vulnerabilities
Unknown 8677
Yes No
2003-09-23 12:00:00 2007-11-15 12:38:00
Vulnerability announced by the OpenSSH Project.

- Affected program versions

RedHat Linux 9.0 i386
RedHat Linux 8.0 i686
RedHat Linux 8.0 i386
RedHat Linux 8.0
OpenSSH OpenSSH 3.7.1 p1
+ SCO Open Server 5.0.7
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.1 p1
+ Juniper Networks NetScreen-IDP 10 3.0 r2
+ Juniper Networks NetScreen-IDP 10 3.0 r1
+ Juniper Networks NetScreen-IDP 10 3.0
+ Juniper Networks NetScreen-IDP 100 3.0 r2
+ Juniper Networks NetScreen-IDP 100 3.0 r1
+ Juniper Networks NetScreen-IDP 100 3.0
+ Juniper Networks NetScreen-IDP 1000 3.0 r2
+ Juniper Networks NetScreen-IDP 1000 3.0 r1
+ Juniper Networks NetScreen-IDP 1000 3.0
+ Juniper Networks NetScreen-IDP 500 3.0 r2
+ Juniper Networks NetScreen-IDP 500 3.0 r1
+ Juniper Networks NetScreen-IDP 500 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.3
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Slackware Linux 8.1
+ Sun Linux 5.0.7
+ Sun Solaris 9
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Caldera OpenLinux Workstation 3.1.1
Caldera OpenLinux Server 3.1.1
OpenSSH OpenSSH 3.7 .1p2

- Unaffected program versions

OpenSSH OpenSSH 3.7 .1p2

- Discussion

Multiple vulnerabilities have been reported to affect the Portable OpenSSH PAM support implementation. Remote attackers may be able to exploit at least one of these vulnerabilities under a nonstandard configuration with 'privsep' disabled.

- Exploit

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- Solution

The vendor has released an updated package to address these issues.


OpenSSH OpenSSH 3.1 p1

OpenSSH OpenSSH 3.7 p1

OpenSSH OpenSSH 3.7.1 p1
