March 2006
Two SCO Security Advisories: SCOSA-2006.11, SCOSA-2006.12
ID: 00216
Ref: 216
Date: 17 March 2006:14:25:26
Version: 1
Title: Two SCO Security Advisories: SCOSA-2006.11, SCOSA-2006.12
Abstract: 1. A vulnerability has been reported in the OpenSSH scp utilities. 2. Two security issues have been reported in OpenSSH, which can be exploited by malicious users to gain escalated privileges or bypass certain security restrictions.
Vendors affected: SCO
Operating systems affected: SCO
Applications affected: SCO
1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSH Multiple Vulnerabilities
Advisory number: SCOSA-2006.11
Issue date: 2006 March 15
Cross reference: fz529677 fz529833 fz532920 fz532977
CVE-2004-0175 CVE-2005-2666 CVE-2005-2797
______________________________________________________________________________
1. Problem Description
A vulnerability has been reported in the OpenSSH scp
utilities. This issue may permit a malicious scp server
to corrupt files on a client system when files are copied.
SSH, as implemented in OpenSSH before 4.0 and possibly other
implementations, stores hostnames, IP addresses, and keys in
plaintext in the known_hosts file, which makes it easier for
an attacker that has compromised an SSH user's account to
generate a list of additional targets that are more likely
to have the same password or key.
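A defender can measure this exposure by checking which known_hosts entries are still stored unhashed. The following is an added example, not part of the SCO advisory or of OpenSSH; it assumes the `|1|salt|hash` entry format that OpenSSH writes when `HashKnownHosts` is enabled, and the sample file is constructed.

```python
import re

# Entries written with HashKnownHosts start with "|1|", then a base64 salt
# and a base64 HMAC-SHA1 of the host name, so the name itself is not stored.
HASHED = re.compile(r"^\|1\|[A-Za-z0-9+/=]+\|[A-Za-z0-9+/=]+$")

# Constructed sample: documentation host names and truncated placeholder keys.
SAMPLE = """\
# build hosts
build01.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA
[backup.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEB
|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEC
@cert-authority *.example.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQED
"""

def audit_known_hosts(text):
    """Return (hashed_count, exposed); exposed maps each plaintext host
    name, address or pattern to the line numbers that reveal it."""
    hashed, exposed = 0, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An optional marker (@cert-authority, @revoked) precedes the host field.
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:  # need hosts, key type, key; skip malformed lines
            continue
        for pattern in fields[0].split(","):
            if HASHED.match(pattern):
                hashed += 1
                continue
            # Drop negation and the [host]:port wrapper used for non-default ports.
            name = pattern.lstrip("!")
            wrapped = re.match(r"^\[(.+)\]:\d+$", name)
            if wrapped:
                name = wrapped.group(1)
            exposed.setdefault(name, []).append(lineno)
    return hashed, exposed

if __name__ == "__main__":
    hashed, exposed = audit_known_hosts(SAMPLE)
    print(f"{hashed} hashed pattern(s), {len(exposed)} plaintext name(s)")
    for name, lines in sorted(exposed.items()):
        print(f"  {name}  (line {', '.join(map(str, lines))})")
```

Existing plaintext entries can be converted in place with `ssh-keygen -H`.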
OpenSSH 4.0, and other versions before 4.2, does not properly
handle dynamic port forwarding ("-D" option) when a listen
address is not provided, which may cause OpenSSH to enable
the GatewayPorts functionality.
Only the first 8 characters of a password are significant
in OpenSSH on SCO OpenServer 5.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2004-0175,
CVE-2005-2666, and CVE-2005-2797 to these issues.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
OpenServer 5.0.6        OpenSSH utilities and libraries
OpenServer 5.0.7        OpenSSH utilities and libraries
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar
4.2 Verification
MD5 (openssh42p1_vol.tar) = cb92de31f9a0b8dbd3dfd82b19bc1d57
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
See:
ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh-4.2p1.txt
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
5.2 Verification
MD5 (osr507mp4_vol.tar) = 4c87d840ff5b43221258547d19030228
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
See the SCO OpenServer Release 5.0.7 Maintenance Pack 4 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
http://www.securityfocus.com/bid/9986
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/article2/0,1759,1815795,00.asp
http://secunia.com/advisories/16686
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz529677 fz529833 fz532920
fz532977.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)
iD8DBQFEGE2eaqoBO7ipriERAth5AJ9dtCzhv+ySjWmLAnpyzKxxyFeqpgCeNjfn
I8/86fBWJWJYKMPkUMSNOXQ=
=xy6d
-----END PGP SIGNATURE-----
2.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 6.0.0 : OpenSSH Multiple Vulnerabilities
Advisory number: SCOSA-2006.12
Issue date: 2006 March 15
Cross reference: fz532976
CVE-2005-2797 CVE-2005-2798
______________________________________________________________________________
1. Problem Description
Two security issues have been reported in OpenSSH, which can
be exploited by malicious users to gain escalated privileges
or bypass certain security restrictions.
An error in the handling of dynamic port forwarding when no
listen address is specified can cause "GatewayPorts" to be
incorrectly activated.
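The visible symptom of this issue, described here and in SCOSA-2006.11 above, is an ssh client forwarding socket bound to a wildcard address instead of loopback. The following added example (not SCO's or OpenSSH's code) flags such listeners; it assumes the column layout of Linux `ss -ltnp` output, and the sample output is constructed.

```python
import ipaddress
import re

# Constructed sample in `ss -ltnp` layout: pid 4312 is bound to loopback as
# intended, pid 4410 has its dynamic forward reachable from other hosts.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128        127.0.0.1:1080      0.0.0.0:*     users:(("ssh",pid=4312,fd=5))
LISTEN 0      128            [::1]:1080         [::]:*     users:(("ssh",pid=4312,fd=6))
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*     users:(("ssh",pid=4410,fd=4))
LISTEN 0      128             [::]:8080         [::]:*     users:(("ssh",pid=4410,fd=5))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=801,fd=3))
"""

def exposed_forwards(ss_output, process="ssh"):
    """Return sorted (address, port, pid) tuples for listening sockets owned
    by `process` that are not bound to a loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header, short line, or non-listening socket
        owner = re.search(r'\(\("([^"]+)",pid=(\d+)', fields[5])
        if not owner or owner.group(1) != process:
            continue  # sshd listening on all interfaces is expected
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # "*" or unparsable: treat as exposed
        if not loopback:
            findings.append((addr, int(port), int(owner.group(2))))
    return sorted(findings)

if __name__ == "__main__":
    for addr, port, pid in exposed_forwards(SAMPLE):
        print(f"ssh pid {pid} is listening on {addr}:{port} (not loopback)")
```

Until the fixed packages are installed, giving the bind address explicitly (`ssh -D 127.0.0.1:1080 ...`) avoids the code path in which no listen address is provided.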
An error in handling GSSAPI credential delegation can allow
a user, who did not log in using GSSAPI authentication, to be
delegated with GSSAPI credentials.
Successful exploitation requires that
"GSSAPIDelegateCredentials" is enabled.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-2797 and
CVE-2005-2798 to these issues.
2. Vulnerable Supported Versions
System                  Binaries
----------------------------------------------------------------------
OpenServer 6.0.0        OpenSSH utilities and libraries
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 6.0.0
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.iso
4.2 Verification
MD5 (osr600mp2.iso) = 7e560dcde374eb60df2b4a599ac20d8a
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
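The Verification steps in both advisories publish checksums as `MD5 (file) = digest` lines. The following added example (not SCO's tooling) extracts every such line from advisory text and checks the downloaded files against it; the function names are assumptions, and the demo file and its digest are constructed.

```python
import hashlib
import hmac
import os
import re

# Digest line as printed in the advisories: "MD5 (name) = <32 hex digits>"
MD5_LINE = re.compile(
    r"^[ \t]*MD5 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})[ \t]*$", re.M)

def file_md5(path, chunk=1 << 20):
    """Hash the file in chunks so large ISO images are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Map each file named in the advisory text to 'ok', 'MISMATCH',
    'missing' or 'rejected'."""
    results = {}
    for m in MD5_LINE.finditer(advisory_text):
        name = m.group("name")
        if os.path.basename(name) != name:
            results[name] = "rejected"  # name would escape the download directory
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(file_md5(path), m.group("digest").lower()):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed demo: a stand-in download and the MD5 of its contents.
        with open(os.path.join(d, "sample_vol.tar"), "wb") as f:
            f.write(b"hello")
        text = ("MD5 (sample_vol.tar) = 5d41402abc4b2a76b9719d911017c592\n"
                "MD5 (not_downloaded.iso) = d41d8cd98f00b204e9800998ecf8427e\n")
        print(verify_downloads(text, d))
```

An MD5 match only shows that the file agrees with the advisory text, so the checksum is as trustworthy as the copy of the advisory it came from, which is what the PGP signature on each advisory authenticates.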
4.3 Installing Fixed Binaries
See the SCO OpenServer Release 6.0.0 Maintenance Pack 2 Release
and Installation Notes:
ftp://ftp.sco.com/pub/openserver6/600/mp/osr600mp2/osr600mp2.html
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
http://secunia.com/advisories/16686
http://www.securityfocus.com/bid/14729
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz532976.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (UnixWare)
iD8DBQFEGEZLaqoBO7ipriERAks5AKCW9Cy5Pb6BqWwuAnUd2kxCAO84nQCfTV9k
nvjX8U2vLPNAkIm4Wr+RpPw=
=48M6
-----END PGP SIGNATURE-----