Info

Disclosure

Sep 01, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenSSH contains a flaw that may allow a remote user to gain elevated privileges. The issue occurs when GSSAPIDelegateCredentials is enabled and may delegate GSSAPI credentials to arbitrary users that authenticate using non-GSSAPI methods.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.2p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

OpenSSH

OpenSSH Portable

4.1p1

References

Security Tracker: 1014845
Secunia Advisory ID: 16686 16729 16789 17077 17245 18010 18406 18507 18661 18717
Related OSVDB ID: 19142
CVE ID: 2005-2798 (see also: NVD)
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00589050
Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2005-09/0001.html
Vendor URL: http://openssh.com/
Other Advisory URL: http://www.ubuntu.com/usn/usn-209-1
RedHat RHSA: RHSA-2005:527

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218