Home / vulnerabilities USN-597-1.txt
Posted on 02 April 2008
Source : packetstormsecurity.org Link
===========================================================
Ubuntu Security Notice USN-597-1 April 01, 2008
openssh vulnerability
CVE-2008-1483
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
openssh-client 1:4.2p1-7ubuntu3.3
Ubuntu 6.10:
openssh-client 1:4.3p2-5ubuntu1.2
Ubuntu 7.04:
openssh-client 1:4.3p2-8ubuntu1.2
Ubuntu 7.10:
openssh-client 1:4.6p1-5ubuntu0.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Timo Juhani Lindfors discovered that the OpenSSH client, when port
forwarding was requested, would listen on any available address family.
A local attacker could exploit this flaw on systems with IPv6 enabled
to hijack connections, including X11 forwards.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.3.diff.gz
Size/MD5: 171837 216f11e247dfeb681cd75c033cc2fc5c
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.3.dsc
Size/MD5: 1003 3902e4c29bba7ee62b48c9641bd0bc76
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz
Size/MD5: 928420 93295701e6bcd76fabd6a271654ed15c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.3_all.deb
Size/MD5: 1052 5e47eabdf3306595bef55704b3d80702
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_amd64.udeb
Size/MD5: 165878 c18cc9d5cbf4f83e9e7730a43c18dba6
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_amd64.deb
Size/MD5: 610832 5479cad40052592557e93b64536a45c6
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_amd64.deb
Size/MD5: 236222 4d98f6e82ae9d26e73d12ec2e429dd14
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_amd64.deb
Size/MD5: 87126 9e041ad9534dc99cb01aa6261acf071f
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_amd64.udeb
Size/MD5: 182086 7b52e535986415799f89b04ea95df8ae
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_i386.udeb
Size/MD5: 140116 99bac142d2bfd0d1bdd61ce8a6a917fc
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_i386.deb
Size/MD5: 537108 c828718a152abc20cd547c39653ec67b
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_i386.deb
Size/MD5: 205484 c495cf9d7d25e95b9d9baa9a873ccfca
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_i386.deb
Size/MD5: 86768 a3a6c7aa8840720498b811b5a0b814b5
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_i386.udeb
Size/MD5: 151548 c657878eb1b8a91897925914aab0bab8
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_powerpc.udeb
Size/MD5: 158552 4aada820956ab80eb424713956347551
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_powerpc.deb
Size/MD5: 594088 26dbbb6ff0359f11dfe280f06d9ebaf0
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_powerpc.deb
Size/MD5: 226268 8916980ee9d4ef41b77a89ca56f891d9
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_powerpc.deb
Size/MD5: 88420 dca6aabe6e164cd90e2b35cffe934a14
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_powerpc.udeb
Size/MD5: 165904 e6e6f51d1c67732ed9dbc7fad4669ef0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.3_sparc.udeb
Size/MD5: 149268 6a92b75179eea1972b082892bd8750de
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.3_sparc.deb
Size/MD5: 543862 be125ef3611c0aa2f2e5ed0f8c36a250
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.3_sparc.deb
Size/MD5: 208864 9f9c4e3b1ec44ccda77a00e674f200be
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.3_sparc.deb
Size/MD5: 86794 1e6fceb45f5732053ab06be561b089b3
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.3_sparc.udeb
Size/MD5: 160702 b5195d1a74c787b35a7517b0c53ba63b
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-5ubuntu1.2.diff.gz
Size/MD5: 168042 5672e4c18795bbedbe025d80cee170c0
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-5ubuntu1.2.dsc
Size/MD5: 1008 22075bd89d5030cd40e3eddf56b51958
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2.orig.tar.gz
Size/MD5: 920186 239fc801443acaffd4c1f111948ee69c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-5ubuntu1.2_all.deb
Size/MD5: 1100 61ffbef59843a549f742da88c456e309
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_amd64.udeb
Size/MD5: 171956 12d9cc34858461aec2af702a80455e84
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_amd64.deb
Size/MD5: 662860 c94742bbd1fc245961c1457c28d4a620
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_amd64.deb
Size/MD5: 240798 c5710561e171555dc9d51407b91f67c8
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_amd64.deb
Size/MD5: 100026 88915b91b746ae83ae6446fad2097159
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_amd64.udeb
Size/MD5: 183810 bebfe8b9c8c214943ea34f57b4be0e73
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_i386.udeb
Size/MD5: 155430 ba07c6d05c5b2fcfab23525ab1d2a9e2
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_i386.deb
Size/MD5: 612374 cec1d2eb7071bd77af0f97bdd1e87127
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_i386.deb
Size/MD5: 217444 ac4a4ea32498fcfb85555ef7eed06f47
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_i386.deb
Size/MD5: 99750 c393d03129303dacabe615941a236d70
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_i386.udeb
Size/MD5: 162594 c0bfed177f9ada9861e499ebb763d79d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_powerpc.udeb
Size/MD5: 169730 224851fea13b7c3710fc8995772f0a45
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_powerpc.deb
Size/MD5: 651210 181d78aa90afc797f6e6a513c4e9d2b5
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_powerpc.deb
Size/MD5: 232302 16847acac5b087337bb02cf4d4fd57ef
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_powerpc.deb
Size/MD5: 101312 c95917858fdc4fe937e6ab63e17973c3
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_powerpc.udeb
Size/MD5: 172480 7228dc84886c03652e50a2b84745224b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-5ubuntu1.2_sparc.udeb
Size/MD5: 160058 0d9ad412a2e50a4f62c950c111419887
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-5ubuntu1.2_sparc.deb
Size/MD5: 599452 ee374a2e26423cc41422b4cea24ebb75
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-5ubuntu1.2_sparc.deb
Size/MD5: 214388 7e470015f5705e7c866692c08364dfa4
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-5ubuntu1.2_sparc.deb
Size/MD5: 99704 7eca83add879793d979af67d9a287425
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.3p2-5ubuntu1.2_sparc.udeb
Size/MD5: 166838 6115b3e0baa6e32b851cbfe8f21b99af
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-8ubuntu1.2.diff.gz
Size/MD5: 265384 fed3e4874f40b6475edd015b654693ca
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2-8ubuntu1.2.dsc
Size/MD5: 1074 cd1a6520c1dca6eb6f9479d3c6c81cea
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.3p2.orig.tar.gz
Size/MD5: 920186 239fc801443acaffd4c1f111948ee69c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.3p2-8ubuntu1.2_all.deb
Size/MD5: 1084 c66f25a64619593a467260c38d3113d9
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.3p2-8ubuntu1.2_all.deb
Size/MD5: 93068 221e4a1b96fc9a5be476f6095c65b35c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_amd64.udeb
Size/MD5: 172486 111d3628f5c3a7d9b7e1bb04438a4093
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_amd64.deb
Size/MD5: 691282 7094027a354d92154f4193f67fe88201
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_amd64.udeb
Size/MD5: 184488 5beea05c07e0a614dbcbb8ea663853bb
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_amd64.deb
Size/MD5: 254096 2f8686e2da6b7a55864f809a46c1be02
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_amd64.deb
Size/MD5: 101438 bf59a63f2fb039d23582db8907b5978f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_i386.udeb
Size/MD5: 155802 9e64db938cc7eb701ae541b90c1f76ce
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_i386.deb
Size/MD5: 654874 770a9632542f4456ce57db9ccefef8dc
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_i386.udeb
Size/MD5: 162994 907b641a56f0330eba2099ce3a8fc543
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_i386.deb
Size/MD5: 236022 e9ae72242b33aef00ea801dd7e8f447b
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_i386.deb
Size/MD5: 101150 613d2dd5213af02a3bc081234422e795
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_powerpc.udeb
Size/MD5: 177386 b58f7bc4b63e86c2347c7f69a247d2b2
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_powerpc.deb
Size/MD5: 712516 47a0be3beb6f0aaa616d4cee568c3a72
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_powerpc.udeb
Size/MD5: 180834 447c4a8e80fd7255c2d0c9448fd19d6b
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_powerpc.deb
Size/MD5: 257010 c1c5731be72a82f93b7ed3215e432d0f
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_powerpc.deb
Size/MD5: 103906 3133a245c90ab9edc08c425d2d4b4a5e
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.3p2-8ubuntu1.2_sparc.udeb
Size/MD5: 163268 1bbf94e36877e3a36624746c3f895858
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.3p2-8ubuntu1.2_sparc.deb
Size/MD5: 702316 30a773daf182c4d156922fa3e61a0826
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.3p2-8ubuntu1.2_sparc.udeb
Size/MD5: 170356 c8647ecc728d77aaadc29395396e93db
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.3p2-8ubuntu1.2_sparc.deb
Size/MD5: 261142 b1f4e31c6f0882f2973f7e81c47a0385
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.3p2-8ubuntu1.2_sparc.deb
Size/MD5: 101390 a91dc46eb0726f06133717df9d054e80
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.2.diff.gz
Size/MD5: 188249 4a5cfad0640d13b665ecdf7fc2685ee3
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1-5ubuntu0.2.dsc
Size/MD5: 1169 47fc3f0e3cfc6e5ae9f11948fd287165
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.6p1.orig.tar.gz
Size/MD5: 946439 cee58cd226138191561fa2d484e18f49
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.6p1-5ubuntu0.2_all.deb
Size/MD5: 1094 7ebb9c93e0ce5e2abd99e53df6447741
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/ssh-krb5_4.6p1-5ubuntu0.2_all.deb
Size/MD5: 80244 de8bc5959a6a5962d3c9d646bba5c7bb
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_amd64.udeb
Size/MD5: 175878 b11a5712beef7547615dcba520d2e323
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_amd64.deb
Size/MD5: 696454 a3d8d59c019a494cc821fb1169940674
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_amd64.udeb
Size/MD5: 191976 cef956003caa9ae201e49b687afabd75
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_amd64.deb
Size/MD5: 266714 2fa98d4f7910ed6eb6e5c01c3d9fdc67
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_amd64.deb
Size/MD5: 88382 ec70425a10aa35781175b19422c06ec5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_i386.udeb
Size/MD5: 158194 0cfdf097b212a881220b920273f6c37a
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_i386.deb
Size/MD5: 656828 bf563187fbbd6eb6bd08467f522a4749
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_i386.udeb
Size/MD5: 169028 d44cd4a31b1a8e879e2a44220847a246
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_i386.deb
Size/MD5: 247578 e91b2014ac012f6276746390ee68b584
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_i386.deb
Size/MD5: 88032 95ad2c683cf079ebf1e2207bef66a876
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_powerpc.udeb
Size/MD5: 180234 5e3cd63862b4659de83de44299d1e153
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_powerpc.deb
Size/MD5: 717230 14e30fed3d0dade9bd851df3b125cf0e
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_powerpc.udeb
Size/MD5: 187310 f23b8a5fa0b602f21ec230c8ebc442a7
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_powerpc.deb
Size/MD5: 269624 3d2cd008a087d3deecb7d65e54517f01
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_powerpc.deb
Size/MD5: 90756 43aa8a4cd34884f24e5c412d581e87cb
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.6p1-5ubuntu0.2_sparc.udeb
Size/MD5: 166152 4bb1de1ee32945c51f492e95aa47b350
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.6p1-5ubuntu0.2_sparc.deb
Size/MD5: 707646 a97dd22b1a8181239b4483689f876430
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server-udeb_4.6p1-5ubuntu0.2_sparc.udeb
Size/MD5: 176762 0eff3109cf41ece689470902599e8e4a
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.6p1-5ubuntu0.2_sparc.deb
Size/MD5: 274528 978fecd7269599ea851d972ef3b3d6a6
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.6p1-5ubuntu0.2_sparc.deb
Size/MD5: 88352 b60a65f9604f90c7618ebd1a565ae5e2