CVE-2005-2798
CVSS5.0
发布时间 :2005-09-06 13:03:00
修订时间 :2011-03-07 21:25:02
NMCOPS    

[原文]sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.


[CNNVD]OpenSSH GSSAPI 证书信息泄露漏洞(CNNVD-200509-039)

        OpenSSH 是 SSH (Secure SHell) 协议的免费开源实现。它用安全、加密的网络连接工具代替了 telnet、ftp、 rlogin、rsh 和 rcp 工具。
        当启用GSSAPIDelegateCredentials时,OpenSSH before 4.2以前的版本中的sshd允许把GSSAPI证书信息授权给通过非GSSAPI方式登录的用户。这使得,GSSAPI证书信息被暴露给了不可信用户或主机。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:openbsd:openssh:3.3OpenBSD OpenSSH 3.3
cpe:/a:openbsd:openssh:3.5OpenBSD OpenSSH 3.5
cpe:/a:openbsd:openssh:3.8OpenBSD OpenSSH 3.8
cpe:/a:openbsd:openssh:3.1p1OpenBSD OpenSSH 3.1 p1
cpe:/a:openbsd:openssh:3.0.2OpenBSD OpenSSH 3.0.2
cpe:/a:openbsd:openssh:3.6.1OpenBSD OpenSSH 3.6.1
cpe:/a:openbsd:openssh:3.0.1OpenBSD OpenSSH 3.0.1
cpe:/a:openbsd:openssh:3.0OpenBSD OpenSSH 3.0
cpe:/a:openbsd:openssh:3.1OpenBSD OpenSSH 3.1
cpe:/a:openbsd:openssh:3.4OpenBSD OpenSSH 3.4
cpe:/a:openbsd:openssh:3.2.2p1OpenBSD OpenSSH 3.2.2 p1
cpe:/a:openbsd:openssh:3.6OpenBSD OpenSSH 3.6
cpe:/a:openbsd:openssh:3.4p1OpenBSD OpenSSH 3.4 p1
cpe:/a:openbsd:openssh:3.0.1p1OpenBSD OpenSSH 3.0.1 p1
cpe:/a:openbsd:openssh:3.0p1OpenBSD OpenSSH 3.0 p1
cpe:/a:openbsd:openssh:3.8.1OpenBSD OpenSSH 3.8.1
cpe:/a:openbsd:openssh:3.5p1OpenBSD OpenSSH 3.5 p1
cpe:/a:openbsd:openssh:4.1p1OpenBSD OpenSSH Portable 4.1.p1
cpe:/a:openbsd:openssh:3.6.1p1OpenBSD OpenSSH 3.6.1 p1
cpe:/a:openbsd:openssh:4.0p1OpenBSD OpenSSH Portable 4.0.p1
cpe:/a:openbsd:openssh:3.8.1p1OpenBSD OpenSSH 3.8.1 p1
cpe:/a:openbsd:openssh:3.6.1p2OpenBSD OpenSSH 3.6.1 p2
cpe:/a:openbsd:openssh:3.9.1p1OpenBSD OpenSSH 3.9.1 p1
cpe:/a:openbsd:openssh:3.2.3p1OpenBSD OpenSSH 3.2.3 p1
cpe:/a:openbsd:openssh:3.2OpenBSD OpenSSH 3.2
cpe:/a:openbsd:openssh:3.3p1OpenBSD OpenSSH 3.3 p1
cpe:/a:openbsd:openssh:3.7.1p2OpenBSD OpenSSH 3.7.1 p2
cpe:/a:openbsd:openssh:3.0.2p1OpenBSD OpenSSH 3.0.2p1
cpe:/a:openbsd:openssh:3.7OpenBSD OpenSSH 3.7
cpe:/a:openbsd:openssh:3.7.1OpenBSD OpenSSH 3.7.1
cpe:/a:openbsd:openssh:3.9.1OpenBSD OpenSSH 3.9.1
cpe:/a:openbsd:openssh:3.9OpenBSD OpenSSH 3.9

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9717sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using...
oval:org.mitre.oval:def:1566Leaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)
oval:org.mitre.oval:def:1345Leaking GSSAPI Credentials Vulnerability (B.11.23)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2798
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-039
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/16686
(VENDOR_ADVISORY)  SECUNIA  16686
http://www.vupen.com/english/advisories/2006/0144
(UNKNOWN)  VUPEN  ADV-2006-0144
http://www.ubuntulinux.org/support/documentation/usn/usn-209-1
(UNKNOWN)  UBUNTU  USN-209-1
http://www.securityfocus.com/bid/14729
(UNKNOWN)  BID  14729
http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded
(UNKNOWN)  HP  SSRT051058
http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded
(UNKNOWN)  HP  HPSBUX02090
http://www.redhat.com/support/errata/RHSA-2005-527.html
(UNKNOWN)  REDHAT  RHSA-2005:527
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
(UNKNOWN)  MLIST  [openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released
http://www.mandriva.com/security/advisories?name=MDKSA-2005:172
(UNKNOWN)  MANDRIVA  MDKSA-2005:172
http://secunia.com/advisories/18406
(UNKNOWN)  SECUNIA  18406
http://secunia.com/advisories/18010
(UNKNOWN)  SECUNIA  18010
http://secunia.com/advisories/17245
(UNKNOWN)  SECUNIA  17245
http://secunia.com/advisories/17077
(UNKNOWN)  SECUNIA  17077
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
(UNKNOWN)  SCO  SCOSA-2005.53
http://xforce.iss.net/xforce/xfdb/24064
(UNKNOWN)  XF  hpux-secure-shell-dos(24064)
http://www.osvdb.org/19141
(UNKNOWN)  OSVDB  19141
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
(UNKNOWN)  SECUNIA  18661
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://securitytracker.com/id?1014845
(UNKNOWN)  SECTRACK  1014845
http://secunia.com/advisories/18717
(UNKNOWN)  SECUNIA  18717
http://secunia.com/advisories/18507
(UNKNOWN)  SECUNIA  18507
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
(UNKNOWN)  SUSE  SUSE-SR:2006:003

- 漏洞信息

OpenSSH GSSAPI 证书信息泄露漏洞
中危 设计错误
2005-09-06 00:00:00 2006-03-28 00:00:00
远程  
        OpenSSH 是 SSH (Secure SHell) 协议的免费开源实现。它用安全、加密的网络连接工具代替了 telnet、ftp、 rlogin、rsh 和 rcp 工具。
        当启用GSSAPIDelegateCredentials时,OpenSSH before 4.2以前的版本中的sshd允许把GSSAPI证书信息授权给通过非GSSAPI方式登录的用户。这使得,GSSAPI证书信息被暴露给了不可信用户或主机。

- 公告与补丁

        暂无数据

- 漏洞信息 (F42971)

HP Security Bulletin 2005-10.58 (PacketStormID:F42971)
2006-01-11 00:00:00
Hewlett Packard,HP  hp.com
advisory,remote,denial of service,shell
hpux
CVE-2005-2096,CVE-2005-2798
[点击下载]

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00589050

Version: 1

HPSBUX02090 SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 2006-01-05
Last Updated: 2006-01-09

Potential Security Impact: Remote Denial of Service (DoS).

Source: Hewlett-Packard Company,
        HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified with HP-UX
running Secure Shell. The vulnerability could be remotely
exploited to allow a remote unauthorized user to create a Denial
of Service (DoS).

References: CVE-2005-2096, CAN-2005-2798

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.23.

BACKGROUND

To determine if an HP-UX system has an affected version, search
the output of "swlist -a revision -l fileset" for one of the
filesets listed below. For affected systems verify that the
recommended action has been taken.

AFFECTED VERSIONS

HP-UX B.11.00
HP-UX B.11.11
===========
Secure_Shell.SECURE_SHELL
action:install revision A.04.20.004 or subsequent

HP-UX B.11.23
===========
Secure_Shell.SECURE_SHELL
action:install revision A.04.20.005 or subsequent

END AFFECTED VERSIONS

RESOLUTION

HP is providing the following HP-UX Secure Shell (T1471AA) updates
to resolve this potential vulnerability. These updates can be
downloaded from http://software.hp.com

HP-UX B.11.00 - HP-UX Secure Shell A.04.20.004
HP-UX B.11.11 - HP-UX Secure Shell A.04.20.004
HP-UX B.11.23 - HP-UX Secure Shell A.04.20.005

The HP-UX Secure Shell A.04.20.004 and A.04.20.005 are based on
OpenSSH 4.2p1, including the following libraries: zlib1.2.3,
OpenSSL v0.9.7i and TCP Wrappers v7.6.

MANUAL ACTIONS: Yes - Update
Download and install the appropriate update from
http://software.hp.com

PRODUCT SPECIFIC INFORMATION

HP-UX Security Patch Check: Security Patch Check revision B.02.00
analyzes all HP-issued Security Bulletins to provide a subset of
recommended actions that potentially affect a specific HP-UX
system. For more information:
http://software.hp.com/portal/swdepot/displayProductInfo.do?
productNumber=B6834AA

HISTORY:
Version: 1 (rev.1) 09 January 2006 Initial release


Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ8OhQeAfOvwtKn1ZEQIDSQCfSJPJSHVuBjTwlD/72MyeMKkiB10AoIBv
WKp90DN6eK4UaK4Q1fnxfLMo
=OHdO
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F40778)

usn-208-1.txt (PacketStormID:F40778)
2005-10-18 00:00:00
Martin Pitt  security.ubuntu.com
advisory,info disclosure
linux,ubuntu
CVE-2005-2798
[点击下载]

Ubuntu Security Notice USN-208-1 - An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user.

===========================================================
Ubuntu Security Notice USN-208-1	   October 17, 2005
openssh vulnerability
CAN-2005-2798
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

openssh-server

The problem can be corrected by upgrading the affected package to
version 1:3.8.1p1-11ubuntu3.2 (for Ubuntu 4.10), or 1:3.9p1-1ubuntu2.1
(for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

An information disclosure vulnerability has been found in the SSH
server. When the GSSAPIAuthentication option was enabled, the SSH
server could send GSSAPI credentials even to users who attempted to
log in with a method other than GSSAPI. This could inadvertently
expose these credentials to an untrusted user.

Please note that this does not affect the default configuration of the
SSH server.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.8.1p1-11ubuntu3.2.diff.gz
      Size/MD5:   145915 b3fde6ad57fa71c6fedd0d857a41b98d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.8.1p1-11ubuntu3.2.dsc
      Size/MD5:      878 24b7a0d1b0bc1b12b4bfcdbe6523175f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.8.1p1.orig.tar.gz
      Size/MD5:   795948 9ce6f2fa5b2931ce2c4c25f3af9ad50d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_3.8.1p1-11ubuntu3.2_all.deb
      Size/MD5:    30068 9ef84fcec461c2890a1623499383b845

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.8.1p1-11ubuntu3.2_amd64.udeb
      Size/MD5:   159440 464c3d1ddad5e743c3f87fab0801bd91
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.8.1p1-11ubuntu3.2_amd64.deb
      Size/MD5:   524028 51bda380ea97ef5d49d475b4d210fb6d
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.8.1p1-11ubuntu3.2_amd64.udeb
      Size/MD5:   176150 f0456146f631cb925407693de6c707ae
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.8.1p1-11ubuntu3.2_amd64.deb
      Size/MD5:   263790 a5014d5e2e28be860944fee7087c2d30
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-11ubuntu3.2_amd64.deb
      Size/MD5:    53286 933c38274907edc3033e5728beb8a7f0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.8.1p1-11ubuntu3.2_i386.udeb
      Size/MD5:   133700 91e3983782270ba83ead5fdf75cf6056
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.8.1p1-11ubuntu3.2_i386.deb
      Size/MD5:   473980 57c5dd711cb4bba5af54b377ddf25727
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.8.1p1-11ubuntu3.2_i386.udeb
      Size/MD5:   146854 94bae5597a13d613d1a7fe6d34e8312c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.8.1p1-11ubuntu3.2_i386.deb
      Size/MD5:   241586 3761cc46ab91630196103390b86d36f4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-11ubuntu3.2_i386.deb
      Size/MD5:    52956 35adb2d5dafd2b25d0aaa73c87b8231c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.8.1p1-11ubuntu3.2_powerpc.udeb
      Size/MD5:   151096 34eaad307c336ec22cdd062ab8343918
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.8.1p1-11ubuntu3.2_powerpc.deb
      Size/MD5:   520822 be831a5152a07823c8a3642de79c23c3
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.8.1p1-11ubuntu3.2_powerpc.udeb
      Size/MD5:   160176 aae5f5a422bc2086c78581b05f6eb71b
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.8.1p1-11ubuntu3.2_powerpc.deb
      Size/MD5:   257946 0960bfb03e1682d28086d5b11bc55f51
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-11ubuntu3.2_powerpc.deb
      Size/MD5:    54404 5729a05da0f88afe145a38ac80c92ae5

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.1.diff.gz
      Size/MD5:   139063 63d2f62b292d2ac8baec90117878dbbd
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.1.dsc
      Size/MD5:      866 a4fce3d18d282f646942b15fb7a26915
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1.orig.tar.gz
      Size/MD5:   832804 530b1dcbfe7a4a4ce4959c0775b85a5a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_3.9p1-1ubuntu2.1_all.deb
      Size/MD5:    30784 6c4ec282b6ad44325c9e4cb7e9f99133

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.1_amd64.udeb
      Size/MD5:   166004 ad72e257534bca3288a87f42da24321a
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.1_amd64.deb
      Size/MD5:   541790 5ea523c81b6d60f06aacba79cba0d1ca
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.1_amd64.udeb
      Size/MD5:   178906 e299cfe208e71c00ab70966fd45fc896
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.1_amd64.deb
      Size/MD5:   278618 06a33a10eae290df72a1bac94147ae91
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.1_amd64.deb
      Size/MD5:    62376 17d33928bfe3099328a580ff0049ad5a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.1_i386.udeb
      Size/MD5:   138820 2f62cd70e9b0ae744fb648633b82e3f2
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.1_i386.deb
      Size/MD5:   490984 19aa2eee3bebb877825ca4cc56fc0a28
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.1_i386.udeb
      Size/MD5:   148848 dfe53e11807c424c82627519b54f50f0
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.1_i386.deb
      Size/MD5:   255490 cd0d1f2c1e542ce117aeb6f323f50f29
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.1_i386.deb
      Size/MD5:    61982 0c6e0e48f00a03bf8d578386ba2ecc67

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.1_powerpc.udeb
      Size/MD5:   157968 493980c3c33a672090dfbf1abbf3e373
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.1_powerpc.deb
      Size/MD5:   538048 05826f416d68106a2c43b8c292cf4173
    http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.1_powerpc.udeb
      Size/MD5:   163124 bb83628be05ff708f46af190ffad7700
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.1_powerpc.deb
      Size/MD5:   272738 40ae3f2b793802b5ad55f75d983354df
    http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.1_powerpc.deb
      Size/MD5:    63500 6c6daed8410fa8216e896f2c778f476c
    

- 漏洞信息 (F40489)

Mandriva Linux Security Advisory 2005.172 (PacketStormID:F40489)
2005-10-07 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2005-2798
[点击下载]

Mandriva Linux Security Update Advisory - Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           openssh
 Advisory ID:            MDKSA-2005:172
 Date:                   October 6th, 2005

 Affected versions:	 10.2
 ______________________________________________________________________

 Problem Description:

 Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, 
 allows GSSAPI credentials to be delegated to clients who log in using
 non-GSSAPI methods, which could cause those credentials to be exposed 
 to untrusted users or hosts.
 
 GSSAPI is only enabled in versions of openssh shipped in LE2005 and
 greater.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2798
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 5b16f3323d58303c290bf4b8c4e2a4b3  10.2/RPMS/openssh-3.9p1-9.1.102mdk.i586.rpm
 2a7fca4e1c99008a53cb9498c1bd9840  10.2/RPMS/openssh-askpass-3.9p1-9.1.102mdk.i586.rpm
 65f397d175fb638d0e73912a7e9faa7d  10.2/RPMS/openssh-askpass-gnome-3.9p1-9.1.102mdk.i586.rpm
 2733baa7c0258da37920d66a7f1ee9d3  10.2/RPMS/openssh-clients-3.9p1-9.1.102mdk.i586.rpm
 a93cd3020e41bd6b25c3fa57ca8586f8  10.2/RPMS/openssh-server-3.9p1-9.1.102mdk.i586.rpm
 f90cfc307f313e14ddd919fc729f1984  10.2/SRPMS/openssh-3.9p1-9.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 545f0245578cee586f2ded4b3616061a  x86_64/10.2/RPMS/openssh-3.9p1-9.1.102mdk.x86_64.rpm
 98962ab477d7cc19338d04acdb462ec1  x86_64/10.2/RPMS/openssh-askpass-3.9p1-9.1.102mdk.x86_64.rpm
 0935a8dd00cdb2604e6fd37a6913cb91  x86_64/10.2/RPMS/openssh-askpass-gnome-3.9p1-9.1.102mdk.x86_64.rpm
 7c124895fc7fad47d1e88ee3ebe91daf  x86_64/10.2/RPMS/openssh-clients-3.9p1-9.1.102mdk.x86_64.rpm
 27bc59e934f3d196470611cc4e9dd430  x86_64/10.2/RPMS/openssh-server-3.9p1-9.1.102mdk.x86_64.rpm
 f90cfc307f313e14ddd919fc729f1984  x86_64/10.2/SRPMS/openssh-3.9p1-9.1.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDReVGmqjQ0CJFipgRAgi7AJoDZK/7jx9vTmuREYGwbuuHWPZBpgCeM6Nu
tKt935OPASf8jkciIGK6c2w=
=ekrb
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

19141
OpenSSH GSSAPIAuthentication Credential Escalation
Remote / Network Access Authentication Management
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

OpenSSH contains a flaw that may allow a remote user to gain elevated privileges. The issue occurs when GSSAPIDelegateCredentials is enabled and may delegate GSSAPI credentials to arbitrary users that authenticate using non-GSSAPI methods.

- 时间线

2005-09-01 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 4.2p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

OpenSSH GSSAPI Credential Disclosure Vulnerability
Design Error 14729
Yes No
2005-09-01 12:00:00 2007-03-15 03:34:00
Paul Moore disclosed this issue to the vendor.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SCO Unixware 7.1.4
SCO Unixware 7.1.3
SCO Open Server 6.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
OpenSSH OpenSSH 4.1
OpenSSH OpenSSH 4.0 p1
OpenSSH OpenSSH 4.0
OpenSSH OpenSSH 3.9 p1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
OpenSSH OpenSSH 3.8.1 p1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
OpenSSH OpenSSH 3.8 p1
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
OpenSSH OpenSSH 3.7.1 p1
+ SCO Open Server 5.0.7
OpenSSH OpenSSH 3.7.1
OpenSSH OpenSSH 3.7 p1
OpenSSH OpenSSH 3.7 .1p2
OpenSSH OpenSSH 3.7
OpenSSH OpenSSH 3.6.1 p2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Trustix Secure Linux 2.0
OpenSSH OpenSSH 3.6.1 p1
+ OpenPKG OpenPKG Current
+ Slackware Linux 9.0
+ Slackware Linux -current
OpenSSH OpenSSH 3.6.1
+ Novell Netware 6.5
OpenSSH OpenSSH 3.5 p1
+ Conectiva Linux 9.0
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux Personal 8.2
+ Terra Soft Solutions Yellow Dog Linux 3.0
OpenSSH OpenSSH 3.5
OpenSSH OpenSSH 3.4 p1-1
OpenSSH OpenSSH 3.4 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux Enterprise Edition 1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ IBM AIX 5.1 L
+ IBM AIX 4.3.3
+ Immunix Immunix OS 7+
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ Slackware Linux 8.1
OpenSSH OpenSSH 3.4
OpenSSH OpenSSH 3.3 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
OpenSSH OpenSSH 3.3
+ Openwall Openwall GNU/*/Linux (Owl)-current
OpenSSH OpenSSH 3.2.3 p1
OpenSSH OpenSSH 3.2.2 p1
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.0.4
+ Apple Mac OS X 10.0.3
+ Apple Mac OS X 10.0.2
+ Apple Mac OS X 10.0.1
+ Apple Mac OS X 10.0
OpenSSH OpenSSH 3.2
+ OpenBSD OpenBSD 3.1
OpenSSH OpenSSH 3.1 p1
+ Juniper Networks NetScreen-IDP 10 3.0 r2
+ Juniper Networks NetScreen-IDP 10 3.0 r1
+ Juniper Networks NetScreen-IDP 10 3.0
+ Juniper Networks NetScreen-IDP 100 3.0 r2
+ Juniper Networks NetScreen-IDP 100 3.0 r1
+ Juniper Networks NetScreen-IDP 100 3.0
+ Juniper Networks NetScreen-IDP 1000 3.0 r2
+ Juniper Networks NetScreen-IDP 1000 3.0 r1
+ Juniper Networks NetScreen-IDP 1000 3.0
+ Juniper Networks NetScreen-IDP 500 3.0 r2
+ Juniper Networks NetScreen-IDP 500 3.0 r1
+ Juniper Networks NetScreen-IDP 500 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.3
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Slackware Linux 8.1
+ Sun Linux 5.0.7
+ Sun Solaris 9
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenSSH OpenSSH 3.1
OpenSSH OpenSSH 3.0.2 p1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP VirtualVault 4.6
OpenSSH OpenSSH 3.0.2
- Debian Linux 3.0
+ FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
+ FreeBSD FreeBSD 4.5 -RELEASE
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ S.u.S.E. Linux 8.0
OpenSSH OpenSSH 3.0.1 p1
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 3.0 p1
OpenSSH OpenSSH 3.0
OpenSSH OpenSSH 2.9.9
+ NetBSD NetBSD 1.5.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2
OpenSSH OpenSSH 2.9 p2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
+ FreeBSD FreeBSD 4.4 -RELENG
+ HP Secure OS software for Linux 1.0
+ Immunix Immunix OS 7.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
+ Sun Cobalt RaQ 550
OpenSSH OpenSSH 2.9 p1
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
OpenSSH OpenSSH 2.9
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
OpenSSH OpenSSH 2.5.2
- Caldera OpenUnix 8.0
- Caldera UnixWare 7.1.1
- Wirex Immunix OS 6.2
OpenSSH OpenSSH 2.5.1
+ NetBSD NetBSD 1.5.1
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
+ SuSE SUSE Linux Enterprise Server 7
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
OpenSSH OpenSSH 2.2 .0p1
OpenSSH OpenSSH 2.2
+ Conectiva Linux 6.0
+ NetBSD NetBSD 1.5
OpenSSH OpenSSH 2.1.1
+ Conectiva Linux 5.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
OpenSSH OpenSSH 2.1
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX 11.0
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.00
Conectiva Linux 10.0
Avaya Predictive Dialing System (PDS) 12.0
Avaya Messaging Storage Server MM3.0
Avaya Intuity Audix R5 0
Avaya Integrated Management
Avaya CVLAN
OpenSSH OpenSSH 4.2

- 不受影响的程序版本

OpenSSH OpenSSH 4.2

- 漏洞讨论

OpenSSH is susceptible to a GSSAPI credential-delegation vulnerability.

Specifically, if a user has GSSAPI authentication configured, and 'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials will be forwarded to remote hosts. This occurs even when the user employs authentication methods other than GSSAPI to connect, which is not usually expected.

This vulnerability allows remote attackers to improperly gain access to GSSAPI credentials, allowing them to use those credentials to access resources granted to the original principal.

This issue affects versions of OpenSSH prior to 4.2.

- 漏洞利用

An exploit is not required.

- 解决方案

Please see the referenced advisories for more information.

The vendor has released version 4.2 of OpenSSH to address this issue.


HP HP-UX 11.0

HP HP-UX 11.11

HP HP-UX 11.23

OpenSSH OpenSSH 2.1

OpenSSH OpenSSH 2.1.1

OpenSSH OpenSSH 2.2

OpenSSH OpenSSH 2.2 .0p1

OpenSSH OpenSSH 2.3

OpenSSH OpenSSH 2.5

OpenSSH OpenSSH 2.5.1

OpenSSH OpenSSH 2.5.2

OpenSSH OpenSSH 2.9 p2

OpenSSH OpenSSH 2.9 p1

OpenSSH OpenSSH 2.9

OpenSSH OpenSSH 2.9.9

OpenSSH OpenSSH 3.0

OpenSSH OpenSSH 3.0 p1

OpenSSH OpenSSH 3.0.1

OpenSSH OpenSSH 3.0.1 p1

OpenSSH OpenSSH 3.0.2

OpenSSH OpenSSH 3.0.2 p1

OpenSSH OpenSSH 3.1

OpenSSH OpenSSH 3.1 p1

OpenSSH OpenSSH 3.2

OpenSSH OpenSSH 3.2.2 p1

OpenSSH OpenSSH 3.2.3 p1

OpenSSH OpenSSH 3.3

OpenSSH OpenSSH 3.3 p1

OpenSSH OpenSSH 3.4 p1

OpenSSH OpenSSH 3.4 p1-1

OpenSSH OpenSSH 3.4

OpenSSH OpenSSH 3.5

OpenSSH OpenSSH 3.5 p1

OpenSSH OpenSSH 3.6.1 p1

OpenSSH OpenSSH 3.6.1

OpenSSH OpenSSH 3.6.1 p2

OpenSSH OpenSSH 3.7 p1

OpenSSH OpenSSH 3.7

OpenSSH OpenSSH 3.7 .1p2

OpenSSH OpenSSH 3.7.1 p1

OpenSSH OpenSSH 3.7.1

OpenSSH OpenSSH 3.8 p1

OpenSSH OpenSSH 3.8.1 p1

OpenSSH OpenSSH 3.9 p1

OpenSSH OpenSSH 4.0 p1

OpenSSH OpenSSH 4.1

SCO Open Server 6.0

SCO Unixware 7.1.3

SCO Unixware 7.1.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站