---

Red Hat Linux Advisories: openssh, sendmail


Red Hat Security Advisory

Synopsis: Updated OpenSSH packages fix potential vulnerabilities
Advisory ID: RHSA-2003:279-02
Issue date: 2003-09-16
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:222
CVE Names: CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

1. Topic:

Updated OpenSSH packages are now available that fix bugs that
may be remotely exploitable.

[Updated 17 Sep 2003]
Updated packages are now available to fix additional buffer
manipulation problems which were fixed in OpenSSH 3.7.1. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2003-0695 to these additional issues.

We have also included fixes from Solar Designer for some
additional memory bugs. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CAN-2003-0682 to these issues.

2. Relevant releases/architectures:

Red Hat Linux 7.1 – i386
Red Hat Linux 7.2 – i386, ia64
Red Hat Linux 7.3 – i386
Red Hat Linux 8.0 – i386
Red Hat Linux 9 – i386

3. Problem description:

OpenSSH is a suite of network connectivity tools that can be
used to establish encrypted connections between systems on a
network and can provide interactive login sessions and port
forwarding, among other functions.

The OpenSSH team has announced a bug which affects the OpenSSH
buffer handling code. This bug has the potential of being remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CAN-2003-0693 to this issue.

All users of OpenSSH should immediately apply this update which
contains a backported fix for this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the up2date
client with an updated certificate. The latest version of up2date
is available from the Red Hat FTP site and may also be downloaded
directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:

ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-3.1p1-13.src.rpm

i386:

ftp://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-13.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/openssh-clients-3.1p1-13.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/openssh-server-3.1p1-13.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-3.1p1-13.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-gnome-3.1p1-13.i386.rpm

Red Hat Linux 7.2:

SRPMS:

ftp://updates.redhat.com/7.2/en/os/SRPMS/openssh-3.1p1-14.src.rpm

i386:

ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm

ia64:

ftp://updates.redhat.com/7.2/en/os/ia64/openssh-3.1p1-14.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/openssh-clients-3.1p1-14.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/openssh-server-3.1p1-14.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-3.1p1-14.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-14.ia64.rpm

Red Hat Linux 7.3:

SRPMS:

ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-14.src.rpm

i386:

ftp://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssh-3.4p1-7.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/openssh-3.4p1-7.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/openssh-clients-3.4p1-7.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/openssh-server-3.4p1-7.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/openssh-askpass-3.4p1-7.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/openssh-askpass-gnome-3.4p1-7.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/openssh-3.5p1-11.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/openssh-3.5p1-11.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/openssh-clients-3.5p1-11.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/openssh-server-3.5p1-11.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/openssh-askpass-3.5p1-11.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/openssh-askpass-gnome-3.5p1-11.i386.rpm

6. Verification:


These packages are GPG signed by Red Hat for security. Our key
is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v [filename]

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:

md5sum [filename]

7. References:

http://www.openssh.com/txt/buffer.adv

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

8. Contact:

The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Updated Sendmail packages fix vulnerability.
Advisory ID: RHSA-2003:283-01
Issue date: 2003-09-17
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:265
CVE Names: CAN-2003-0694 CAN-2003-0681

1. Topic:

Updated Sendmail packages that fix a potentially-exploitable
vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.1 – i386
Red Hat Linux 7.2 – i386, ia64
Red Hat Linux 7.3 – i386
Red Hat Linux 8.0 – i386
Red Hat Linux 9 – i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) and is
included in all Red Hat Linux distributions.

Michal Zalewski found a bug in the prescan() function of
unpatched Sendmail versions prior to 8.12.10. The successful
exploitation of this bug can lead to heap and stack structure
overflows. Although no exploit currently exists, this issue is
locally exploitable and may also be remotely exploitable. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix
for a potential buffer overflow in ruleset parsing. This problem is
not exploitable in the default sendmail configuration; it is
exploitable only if non-standard rulesets recipient (2), final (4),
or mailer-specific envelope recipients rulesets are used. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2003-0681 to this issue.

All users are advised to update to these erratum packages
containing a backported patch which corrects these
vulnerabilities.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the up2date
client with an updated certificate. The latest version of up2date
is available from the Red Hat FTP site and may also be downloaded
directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

104563 – CAN-2003-0694 Sendmail possible remote exploit

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:

ftp://updates.redhat.com/7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm

i386:

ftp://updates.redhat.com/7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm


ftp://updates.redhat.com/7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm

Red Hat Linux 7.2:

SRPMS:

ftp://updates.redhat.com/7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm

i386:

ftp://updates.redhat.com/7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm


ftp://updates.redhat.com/7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm

ia64:

ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm


ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm

Red Hat Linux 7.3:

SRPMS:

ftp://updates.redhat.com/7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm

i386:

ftp://updates.redhat.com/7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm


ftp://updates.redhat.com/7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm

Red Hat Linux 8.0:

SRPMS:

ftp://updates.redhat.com/8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm

i386:

ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm


ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm

Red Hat Linux 9:

SRPMS:

ftp://updates.redhat.com/9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm

i386:

ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm


ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm

7. Verification:


These packages are GPG signed by Red Hat for security. Our key
is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v [filename]

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:

md5sum [filename]
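
An added example, not part of the Red Hat advisories: a shell gate for the Solution and Verification steps of both advisories. It refuses to run rpm -Fvh with a wildcard unless every RPM in the directory appears in a saved list of expected MD5 sums, matches it, and passes rpm --checksig. The manifest layout (one "md5 path" pair per line) and the function names check_rpms and apply_update are assumptions.

```shell
#!/bin/sh
# Added example. Assumed manifest format, one entry per line:
#   <md5sum> <path ending in the rpm file name>

# check_rpms MANIFEST DIR
# Returns 0 only if every *.rpm in DIR is listed in MANIFEST with the same
# MD5 sum; 1 on any unlisted or mismatching file; 2 if DIR holds no RPMs.
check_rpms() {
    manifest=$1
    dir=$2
    failed=0
    for f in "$dir"/*.rpm; do
        [ -f "$f" ] || { echo "no RPMs found in $dir" >&2; return 2; }
        name=$(basename "$f")
        # Look up the expected sum by file name, ignoring the directory part.
        want=$(awk -v n="$name" \
            '{ sub(/.*\//, "", $2) } $2 == n { print $1; exit }' "$manifest")
        got=$(md5sum "$f" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            # A stray file would be picked up by the *.rpm wildcard.
            echo "UNLISTED $name" >&2
            failed=1
        elif [ "$want" != "$got" ]; then
            echo "MISMATCH $name (expected $want, got $got)" >&2
            failed=1
        else
            echo "OK       $name"
        fi
    done
    return "$failed"
}

# apply_update MANIFEST DIR
# Checksum gate first, then the GPG signature check, then freshen.
apply_update() {
    check_rpms "$1" "$2" || return 1
    rpm --checksig -v "$2"/*.rpm || return 1
    rpm -Fvh "$2"/*.rpm
}

# Run as: sh script.sh manifest.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then
    apply_update "$1" "$2"
fi
```

The signature check requires the Red Hat public key to be imported already; without it rpm --checksig fails and nothing is installed.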

8. References:


http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2

http://www.sendmail.org/8.12.10.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681

9. Contact:

The Red Hat security contact is <[email protected]>. More
contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
