![[BACK]](/icons/back.gif){kind=icon}
Return to ssh_afstoken.txt CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / advisories|
Return to ssh_afstoken.txt CVS log | Up to [local] / www / advisories |
| File: [local] / www / advisories / ssh_afstoken.txt (download)
Revision 1.1, Thu Apr 25 14:02:01 2002 UTC (22 years, 1 month ago) by markus
updated ssh_afstoken advisory |
OpenSSH Security Advisory (adv.token2)
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versions of OpenSSH with AFS/Kerberos token passing
compiled in and enabled (either in the system or in
sshd_config) contain a buffer overflow.
Token passing is disabled by default and only available in
protocol version 1.
2. Impact:
Remote users can get privileged access for OpenSSH < 2.9.9
Local users can get privileged access for OpenSSH < 3.2.1
No privileged access is possible for OpenSSH with
UsePrivilegeSeparation enabled.
3. Solution:
Apply the matching patch:
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-3.1-adv.token.patch
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.1p1-adv.token.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/024_sshafs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/019_sshafs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/001_sshafs.patch
4. Credits:
Marcell Fodor <m.fodor@mail.datanet.hu>