
USN-566-1.txt

Posted on 10 January 2008
Source: packetstormsecurity.org

 

===========================================================
Ubuntu Security Notice USN-566-1 January 09, 2008
openssh vulnerability
CVE-2007-4752
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
openssh-client 1:4.2p1-7ubuntu3.2

Ubuntu 6.10:
openssh-client 1:4.3p2-5ubuntu1.1

Ubuntu 7.04:
openssh-client 1:4.3p2-8ubuntu1.1

Ubuntu 7.10:
openssh-client 1:4.6p1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jan Pechanec discovered that ssh would forward trusted X11 cookies when
untrusted cookie generation failed. This could lead to unintended privileges
being forwarded to a remote host.

