-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:034 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssh Date : February 6, 2006 Affected: 10.1, 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into a scp'ing a specially crafted filename. The provided updates bump the OpenSSH version to the latest release version of 4.3p1. A number of differences exist, primarily dealing with PAM authentication over the version included in Corporate 3.0 and MNF2. In particular, the default sshd_config now only accepts protocol 2 connections and UsePAM is now disabled by default. On systems using alternate authentication methods (ie. LDAP) that use the PAM stack for authentication, you will need to enable UsePAM. Note that the default /etc/pam.d/sshd file has also been modified to use the pam_listfile.so module which will deny access to any users listed in /etc/ssh/denyusers (by default, this is only the root user). This is required to preserve the expected behaviour when using "PermitRootLogin without-password"; otherwise it would still be possible to obtain a login prompt and login without using keys. Mandriva Linux 10.1 and newer already have these changes in their shipped versions. There are new features in OpenSSH and users are encouraged to review the new sshd_config and ssh_config files when upgrading. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.1: 4f1958566f5258886743a45f22ef1e34 10.1/RPMS/openssh-4.3p1-0.1.101mdk.i586.rpm f817eb7108f59f33beb454ca6e443229 10.1/RPMS/openssh-askpass-4.3p1-0.1.101mdk.i586.rpm db84193dba5e3f5c1e225275abe8b641 10.1/RPMS/openssh-askpass-gnome-4.3p1-0.1.101mdk.i586.rpm a9ce7f968bcff665f647262a2ccd5d75 10.1/RPMS/openssh-clients-4.3p1-0.1.101mdk.i586.rpm 72ca79bc593835e75bf9d8996d4dd900 10.1/RPMS/openssh-server-4.3p1-0.1.101mdk.i586.rpm 33d2f96a7696b009e218ae0b721252f7 10.1/SRPMS/openssh-4.3p1-0.1.101mdk.src.rpm Mandriva Linux 10.1/X86_64: 4f1030c6ee3a954d2edfc74e33e42ecb x86_64/10.1/RPMS/openssh-4.3p1-0.1.101mdk.x86_64.rpm d53686d7ede0f71a113cd129b9251b61 x86_64/10.1/RPMS/openssh-askpass-4.3p1-0.1.101mdk.x86_64.rpm 519e7a06bcd2dab1faeea0f890f87b17 x86_64/10.1/RPMS/openssh-askpass-gnome-4.3p1-0.1.101mdk.x86_64.rpm 77bf38dce2398fad97c67527bfecce98 x86_64/10.1/RPMS/openssh-clients-4.3p1-0.1.101mdk.x86_64.rpm 78e6936ccd813adfb65878c9ddf171e3 x86_64/10.1/RPMS/openssh-server-4.3p1-0.1.101mdk.x86_64.rpm 33d2f96a7696b009e218ae0b721252f7 x86_64/10.1/SRPMS/openssh-4.3p1-0.1.101mdk.src.rpm Mandriva Linux 10.2: e9d694810e62424f76bbfd8289dde78d 10.2/RPMS/openssh-4.3p1-0.1.102mdk.i586.rpm f20adbb972331bd47cd7757438d57b04 10.2/RPMS/openssh-askpass-4.3p1-0.1.102mdk.i586.rpm 7f3c599cce33a46f1dc3cee971809cd2 10.2/RPMS/openssh-askpass-gnome-4.3p1-0.1.102mdk.i586.rpm cab8ee8878caa0be59a9fce2436ca108 10.2/RPMS/openssh-clients-4.3p1-0.1.102mdk.i586.rpm 89b36beb1e7efc313f7a7072e93f4fa8 10.2/RPMS/openssh-server-4.3p1-0.1.102mdk.i586.rpm 59d044910a86509f132504e08c8c6ca3 10.2/SRPMS/openssh-4.3p1-0.1.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 0c78958b6a0c0a2dede35971d1aade4f x86_64/10.2/RPMS/openssh-4.3p1-0.1.102mdk.x86_64.rpm b010db3117a2af7f0ffa2782065fec64 x86_64/10.2/RPMS/openssh-askpass-4.3p1-0.1.102mdk.x86_64.rpm 41b6f95151ca2c26ff9011e1b37e227f x86_64/10.2/RPMS/openssh-askpass-gnome-4.3p1-0.1.102mdk.x86_64.rpm 2bdb612317f7711a79bec1f66ed400b6 x86_64/10.2/RPMS/openssh-clients-4.3p1-0.1.102mdk.x86_64.rpm 3430540fb77be153a105c624dc8d1ffb x86_64/10.2/RPMS/openssh-server-4.3p1-0.1.102mdk.x86_64.rpm 59d044910a86509f132504e08c8c6ca3 x86_64/10.2/SRPMS/openssh-4.3p1-0.1.102mdk.src.rpm Mandriva Linux 2006.0: c14c845b293b5de9eef2fd38fa664cf0 2006.0/RPMS/openssh-4.3p1-0.1.20060mdk.i586.rpm b4e9bce08d4cb9fd6ea58bfb22582322 2006.0/RPMS/openssh-askpass-4.3p1-0.1.20060mdk.i586.rpm f3b06a0f7582893da708eb731f20ddfc 2006.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.20060mdk.i586.rpm 56b7d3d829cfbadc16727b4cd70435f5 2006.0/RPMS/openssh-clients-4.3p1-0.1.20060mdk.i586.rpm a39dcb6136735a992de272af885b969d 2006.0/RPMS/openssh-server-4.3p1-0.1.20060mdk.i586.rpm a10d5c3b02ded996721063187635f15a 2006.0/SRPMS/openssh-4.3p1-0.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: dbb50e2feb0dacec89f455830307c91a x86_64/2006.0/RPMS/openssh-4.3p1-0.1.20060mdk.x86_64.rpm 9e85c473bbde1843ebb6c9c1c6500540 x86_64/2006.0/RPMS/openssh-askpass-4.3p1-0.1.20060mdk.x86_64.rpm 5d9900f6f1daa7a2a9f27579f9605eba x86_64/2006.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.20060mdk.x86_64.rpm 2c77e52059848c5e83a3e55c4474edfc x86_64/2006.0/RPMS/openssh-clients-4.3p1-0.1.20060mdk.x86_64.rpm 031bcfc66f716724bfbcca9c95959757 x86_64/2006.0/RPMS/openssh-server-4.3p1-0.1.20060mdk.x86_64.rpm a10d5c3b02ded996721063187635f15a x86_64/2006.0/SRPMS/openssh-4.3p1-0.1.20060mdk.src.rpm Corporate 3.0: 546cd58b29300de4500804cff32af1a7 corporate/3.0/RPMS/openssh-4.3p1-0.1.C30mdk.i586.rpm 095a74722e96addb091b5cfba0c21dbe corporate/3.0/RPMS/openssh-askpass-4.3p1-0.1.C30mdk.i586.rpm 1bab5ca1b302bfe34f797e869915f3ca corporate/3.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.C30mdk.i586.rpm 89e4dce7994c4689b38e215e952a730a corporate/3.0/RPMS/openssh-clients-4.3p1-0.1.C30mdk.i586.rpm 10292199734d88055ace14e2c8e3599e corporate/3.0/RPMS/openssh-server-4.3p1-0.1.C30mdk.i586.rpm 9ce440e371ba9b2d0363d49176ae5648 corporate/3.0/SRPMS/openssh-4.3p1-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: 82c9e80e32db96a4ff26a4292b559176 x86_64/corporate/3.0/RPMS/openssh-4.3p1-0.1.C30mdk.x86_64.rpm b9bbe12e01d44953d6c86cd3a9f65af6 x86_64/corporate/3.0/RPMS/openssh-askpass-4.3p1-0.1.C30mdk.x86_64.rpm 5870347a3396863c94d87368cd819934 x86_64/corporate/3.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.C30mdk.x86_64.rpm d5ea4c7e2595f4ba547b3764d76cdee3 x86_64/corporate/3.0/RPMS/openssh-clients-4.3p1-0.1.C30mdk.x86_64.rpm dd16b1d8f78ad1d048b3cb5e1f30a80d x86_64/corporate/3.0/RPMS/openssh-server-4.3p1-0.1.C30mdk.x86_64.rpm 9ce440e371ba9b2d0363d49176ae5648 x86_64/corporate/3.0/SRPMS/openssh-4.3p1-0.1.C30mdk.src.rpm Multi Network Firewall 2.0: 43cee91113a305f010918b320147452c mnf/2.0/RPMS/openssh-4.3p1-0.1.M20mdk.i586.rpm 26ea50f3c198a9a4be7935c67fd853a6 mnf/2.0/RPMS/openssh-askpass-4.3p1-0.1.M20mdk.i586.rpm 97be92c62eccef50269d25d92b0297c1 mnf/2.0/RPMS/openssh-askpass-gnome-4.3p1-0.1.M20mdk.i586.rpm 8d733406cf0897e6206fdfeb0b18e7f9 mnf/2.0/RPMS/openssh-clients-4.3p1-0.1.M20mdk.i586.rpm 91b5423db76153e8aa26429057ef663d mnf/2.0/RPMS/openssh-server-4.3p1-0.1.M20mdk.i586.rpm 8a7c07cd3738c99742c00480232acd10 mnf/2.0/SRPMS/openssh-4.3p1-0.1.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFD55+rmqjQ0CJFipgRAvjDAKDSwcW4klS43hTGIN9dJpcywA58/wCg4AgD hCKX9/LjcxuBh2QQZ4w8+sw= =2iXx -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/