Security Advisory openssh security update

Advisory: RHSA-2005:527-16
Type: Security Advisory
Severity: Moderate
Issued on: 2005-10-05
Last updated on: 2005-10-05
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2798
CVE-2008-1483

Details

Updated openssh packages that fix a security issue, fix bugs, and add
support for recording login user IDs for audit are now available for Red Hat
Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.

An error in the way OpenSSH handled GSSAPI credential delegation was
discovered. OpenSSH as distributed with Red Hat Enterprise Linux 4 contains
support for GSSAPI user authentication, typically used for supporting
Kerberos. On OpenSSH installations that have GSSAPI enabled, this flaw
could allow a user who successfully authenticates using a method other than
GSSAPI to be delegated GSSAPI credentials. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2798
to this issue.

Additionally, the following bugs have been addressed:

The ssh command incorrectly failed when it was issued by the root user with
a non-default group set.

The sshd daemon could fail to properly close the client connection if
multiple X clients were forwarded over the connection and the client
session exited.

The sshd daemon could bind only on the IPv6 address family for X forwarding
if the port on the IPv4 address family was already bound. X forwarding did
not work in such cases.

This update also adds support for recording login user IDs for the auditing
service. The user ID is attached to the audit records generated from the
user's session.

All users of openssh should upgrade to these updated packages, which
contain backported patches to resolve these issues.
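
As an added example (not part of the Red Hat advisory or its tooling), the shell script below triages a host against the condition described above: the GSSAPI flaw matters where GSSAPI is enabled in sshd_config and the installed build predates the openssh-3.9p1-8.RHEL4.9 packages named in this advisory. The function names, the result labels, the sample configuration and the 3.9p1-8.RHEL4.8 build string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat tooling): exposure triage for this advisory.
FIXED_STEM='3.9p1-8.RHEL4.'  # version-release stem of the fixed packages
FIXED_N=9                    # trailing build number of the fixed packages

# Effective GSSAPIAuthentication value in an sshd_config file. Keywords are
# case-insensitive, the first occurrence wins, and the default is "no".
gssapi_setting() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "gssapiauthentication" { print $2; hit = 1; exit }
         END { if (!hit) print "no" }' "$1"
}

# Classify a version-release string. Only builds on the advisory's own
# 3.9p1-8.RHEL4.N line are compared; anything else is "unknown", not guessed.
build_status() {
    case "$1" in
        "$FIXED_STEM"*) n=${1#"$FIXED_STEM"} ;;
        *) echo unknown; return ;;
    esac
    case "$n" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$n" -ge "$FIXED_N" ]; then echo fixed; else echo outdated; fi ;;
    esac
}

# $1 = sshd_config path, $2 = installed openssh-server version-release
triage() {
    g=$(gssapi_setting "$1"); b=$(build_status "$2")
    if   [ "$b" = fixed ];    then echo fixed
    elif [ "$g" != yes ];     then echo not-exposed
    elif [ "$b" = outdated ]; then echo exposed
    else                           echo review
    fi
}

# Constructed sample input; on a real host pass /etc/ssh/sshd_config and
# "$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssh-server)" instead.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sshd_config fragment
Protocol 2
  gssapiauthentication yes
GSSAPIAuthentication no
EOF
echo "pre-fix build:  $(triage "$cfg" 3.9p1-8.RHEL4.8)"
echo "advisory build: $(triage "$cfg" 3.9p1-8.RHEL4.9)"
rm -f "$cfg"
```

A "not-exposed" result covers only the GSSAPI issue; the bug fixes and audit support in this update still apply to such hosts.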


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
openssh-3.9p1-8.RHEL4.9.src.rpm
File outdated by:  RHEA-2010:0511

IA-32:
openssh-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.i386.rpm
openssh-clients-3.9p1-8.RHEL4.9.i386.rpm
openssh-server-3.9p1-8.RHEL4.9.i386.rpm

x86_64:
openssh-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-clients-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-server-3.9p1-8.RHEL4.9.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
openssh-3.9p1-8.RHEL4.9.src.rpm

IA-32:
openssh-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.i386.rpm
openssh-clients-3.9p1-8.RHEL4.9.i386.rpm
openssh-server-3.9p1-8.RHEL4.9.i386.rpm

IA-64:
openssh-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.ia64.rpm
openssh-clients-3.9p1-8.RHEL4.9.ia64.rpm
openssh-server-3.9p1-8.RHEL4.9.ia64.rpm

PPC:
openssh-3.9p1-8.RHEL4.9.ppc.rpm
openssh-askpass-3.9p1-8.RHEL4.9.ppc.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.ppc.rpm
openssh-clients-3.9p1-8.RHEL4.9.ppc.rpm
openssh-server-3.9p1-8.RHEL4.9.ppc.rpm

s390:
openssh-3.9p1-8.RHEL4.9.s390.rpm
openssh-askpass-3.9p1-8.RHEL4.9.s390.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.s390.rpm
openssh-clients-3.9p1-8.RHEL4.9.s390.rpm
openssh-server-3.9p1-8.RHEL4.9.s390.rpm

s390x:
openssh-3.9p1-8.RHEL4.9.s390x.rpm
openssh-askpass-3.9p1-8.RHEL4.9.s390x.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.s390x.rpm
openssh-clients-3.9p1-8.RHEL4.9.s390x.rpm
openssh-server-3.9p1-8.RHEL4.9.s390x.rpm

x86_64:
openssh-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-clients-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-server-3.9p1-8.RHEL4.9.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
openssh-3.9p1-8.RHEL4.9.src.rpm

IA-32:
openssh-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.i386.rpm
openssh-clients-3.9p1-8.RHEL4.9.i386.rpm
openssh-server-3.9p1-8.RHEL4.9.i386.rpm

IA-64:
openssh-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.ia64.rpm
openssh-clients-3.9p1-8.RHEL4.9.ia64.rpm
openssh-server-3.9p1-8.RHEL4.9.ia64.rpm

x86_64:
openssh-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-clients-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-server-3.9p1-8.RHEL4.9.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
openssh-3.9p1-8.RHEL4.9.src.rpm

IA-32:
openssh-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-3.9p1-8.RHEL4.9.i386.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.i386.rpm
openssh-clients-3.9p1-8.RHEL4.9.i386.rpm
openssh-server-3.9p1-8.RHEL4.9.i386.rpm

IA-64:
openssh-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.ia64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.ia64.rpm
openssh-clients-3.9p1-8.RHEL4.9.ia64.rpm
openssh-server-3.9p1-8.RHEL4.9.ia64.rpm

x86_64:
openssh-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-askpass-gnome-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-clients-3.9p1-8.RHEL4.9.x86_64.rpm
openssh-server-3.9p1-8.RHEL4.9.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

159331 - sshd update for new audit system
167444 - CAN-2005-2798 Improper GSSAPI credential delegation


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/