[USN-355-1] openssh vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-355-1] openssh vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Mon, 2 Oct 2006 15:40:49 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.12-2006-07-14
=========================================================== 
Ubuntu Security Notice USN-355-1           October 02, 2006
openssh vulnerabilities
CVE-2006-4924, CVE-2006-5051
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  openssh-server                           1:3.9p1-1ubuntu2.3

Ubuntu 5.10:
  openssh-server                           1:4.1p1-7ubuntu4.2

Ubuntu 6.06 LTS:
  openssh-server                           1:4.2p1-7ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Tavis Ormandy discovered that the SSH daemon did not properly handle
authentication packets with duplicated blocks. By sending specially
crafted packets, a remote attacker could exploit this to cause the ssh
daemon to drain all available CPU resources until the login grace time
expired. (CVE-2006-4924)

Mark Dowd discovered a race condition in the server's signal handling.
A remote attacker could exploit this to crash the server.
(CVE-2006-5051)


Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.3.diff.gz
      Size/MD5:   143243 ee5b491cf023e53b4991fe319da669aa
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1-1ubuntu2.3.dsc
      Size/MD5:      866 237dcc91dde3201ba0bc5b9372654708
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_3.9p1.orig.tar.gz
      Size/MD5:   832804 530b1dcbfe7a4a4ce4959c0775b85a5a

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_3.9p1-1ubuntu2.3_all.deb
      Size/MD5:    31312 a25012353606283dbae09b56dc60f1bb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_amd64.udeb
      Size/MD5:   166846 b0507203d786efa365cef305acc0b790
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_amd64.deb
      Size/MD5:   544562 4464ce148432194666a3fd7fae5b884f
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_amd64.udeb
      Size/MD5:   179290 2774b437173889390312fab14a0d9edf
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_amd64.deb
      Size/MD5:   279624 deb54b320447ab79b8d8fb351c04960d
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_amd64.deb
      Size/MD5:    62924 083fd0c899ed8c0c088f6f659d2fd017

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_i386.udeb
      Size/MD5:   139452 31deaca18b94b27d52c1870d86810db4
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_i386.deb
      Size/MD5:   492810 8df816ca89945adc93e80d49f53aebe6
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_i386.udeb
      Size/MD5:   149160 632d59e71b6a3f5aab50e4cfd3842442
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_i386.deb
      Size/MD5:   256218 5f9791afb335d57cd1a830c1e886ee08
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_i386.deb
      Size/MD5:    62512 9f21ce3a1134980ec47c1e99cf62ff61

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_3.9p1-1ubuntu2.3_powerpc.udeb
      Size/MD5:   159886 447da8535b3b4c0b85fefd44e01f4c4d
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_3.9p1-1ubuntu2.3_powerpc.deb
      Size/MD5:   541254 8d16c7e18fef84ab8f6a435c8c988b93
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_3.9p1-1ubuntu2.3_powerpc.udeb
      Size/MD5:   163428 e0ca6e79f907c35e2c32e515b8e808dd
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_3.9p1-1ubuntu2.3_powerpc.deb
      Size/MD5:   273640 c8e00fcbe413ac902ccc4dca508572f2
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_3.9p1-1ubuntu2.3_powerpc.deb
      Size/MD5:    64092 a88a46209fac664959c35b36fb93066e

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1-7ubuntu4.2.diff.gz
      Size/MD5:   158624 fc0f2620cc3fc07ad4ea050b675e5f1b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1-7ubuntu4.2.dsc
      Size/MD5:      971 cd61da4d0742c684aaf90b8390252818
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.1p1.orig.tar.gz
      Size/MD5:   909689 3709109adf0b82176668b3d3478dd033

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.1p1-7ubuntu4.2_all.deb
      Size/MD5:     1050 d520acb54639c9b900b973c08e1a5fe8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_amd64.udeb
      Size/MD5:   162614 0e4e07c663d0f33f3fd73a0b6c2e433a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_amd64.deb
      Size/MD5:   584852 bb1ac6382aa349a7bea3cccf0948117e
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_amd64.udeb
      Size/MD5:   179490 a1bccf78a412d6799d25f0ca73ab4623
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_amd64.deb
      Size/MD5:   223914 ec3d782f9c3b88c97cea3b928e458fea
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_amd64.deb
      Size/MD5:    78228 02951ff37cc638222a067c77b808523d

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_i386.udeb
      Size/MD5:   138272 3a49a90c6f6f9f52c775aeecb05caf76
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_i386.deb
      Size/MD5:   515080 0100950f90ddd99704be28b2c9ff8478
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_i386.udeb
      Size/MD5:   149782 c89f7310123da769a7eec86d6ba72a6a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_i386.deb
      Size/MD5:   195292 7cf57e81b03dce633eb56bdc44655c89
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_i386.deb
      Size/MD5:    77944 15d8e58dd24c85d380432bc3b7a633c7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_powerpc.udeb
      Size/MD5:   155858 f4f64f9b3de12bfc043661e8e31d090c
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_powerpc.deb
      Size/MD5:   569144 baabd24742192f1df2ceb5220d540937
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_powerpc.udeb
      Size/MD5:   163322 42064b77c600c04ba5441876830a772d
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_powerpc.deb
      Size/MD5:   215386 c4360aa642d117f539ff2d1082ae705b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_powerpc.deb
      Size/MD5:    79512 e25ff733bd60854f7a42cfa0c636eb7d

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.1p1-7ubuntu4.2_sparc.udeb
      Size/MD5:   147902 13d070c8101686ef53e062c136d609be
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.1p1-7ubuntu4.2_sparc.deb
      Size/MD5:   524974 c67b3c3cd75b37b9e10d03033e657c7c
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.1p1-7ubuntu4.2_sparc.udeb
      Size/MD5:   158836 a425ab0c6cbc9ae5dd09a4880a36e374
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.1p1-7ubuntu4.2_sparc.deb
      Size/MD5:   199192 85892b06e6780bba357d9c68ff36e0fd
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.1p1-7ubuntu4.2_sparc.deb
      Size/MD5:    77982 ab47361323b0a7686fe4fad3639df44d

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.1.diff.gz
      Size/MD5:   171326 3d966ce050b176961a34c8f14148ef18
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1-7ubuntu3.1.dsc
      Size/MD5:     1005 acf698bd9a5e848b80343a49b3ab5f5b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_4.2p1.orig.tar.gz
      Size/MD5:   928420 93295701e6bcd76fabd6a271654ed15c

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh_4.2p1-7ubuntu3.1_all.deb
      Size/MD5:     1056 ff5c9e1bc32aac160738d603fb3c9015

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_amd64.udeb
      Size/MD5:   165846 e483c01679c325ac0edeb5981cdba060
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_amd64.deb
      Size/MD5:   610616 5a5b73f2d68a90385b2dd70c539cfb4a
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_amd64.udeb
      Size/MD5:   182038 bc2c80a21f2afde523a17e311233ebc5
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_amd64.deb
      Size/MD5:   236212 90663453b5c114622627469f4ffd822a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_amd64.deb
      Size/MD5:    86868 12bbd3d97943ce3751a3186494c31798

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_i386.udeb
      Size/MD5:   140068 8873836c923eb3205df376916b0c3669
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_i386.deb
      Size/MD5:   536704 801dcb0f46badf9ff4376a4484663b00
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_i386.udeb
      Size/MD5:   151544 28e22a72700630c00231c843662ed755
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_i386.deb
      Size/MD5:   205490 7e5acb93eb0243e1272f1ffed0145112
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_i386.deb
      Size/MD5:    86476 091d1ca0ef964b1cbc714cb050ef558d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_powerpc.udeb
      Size/MD5:   158524 ae42600aed557c45556394035eacd10a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_powerpc.deb
      Size/MD5:   593628 29d5510f526ddfa16a138b1d61c1cc75
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_powerpc.udeb
      Size/MD5:   165942 d5d1c6333c9406b1bf623b4db1c8824a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_powerpc.deb
      Size/MD5:   226264 166b3da3dd64758a38f7731dc0c16703
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_powerpc.deb
      Size/MD5:    88152 2860a81b3d8d554f5356bab74573504b

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client-udeb_4.2p1-7ubuntu3.1_sparc.udeb
      Size/MD5:   149224 5f60da6926ed8b994cdc8dcf42b65088
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-client_4.2p1-7ubuntu3.1_sparc.deb
      Size/MD5:   543560 c9003ef5e14236a26d3b3a7abb25db9f
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openssh/openssh-server-udeb_4.2p1-7ubuntu3.1_sparc.udeb
      Size/MD5:   160664 51e52151d74fd317648700234478e638
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/openssh-server_4.2p1-7ubuntu3.1_sparc.deb
      Size/MD5:   208870 6833a77599010cfe464f54bf0290b516
    
http://security.ubuntu.com/ubuntu/pool/main/o/openssh/ssh-askpass-gnome_4.2p1-7ubuntu3.1_sparc.deb
      Size/MD5:    86516 8dac0a82e5edaabfac6f8596a84ff884
Attachment: signature.asc
Description: Digital signature
Prev by Date: "POC 2006" by Korean hackers
Next by Date: Dayfox Blog v2.0 Remote file include
Previous by thread: "POC 2006" by Korean hackers
Next by thread: Dayfox Blog v2.0 Remote file include
Index(es):
- Date
- Thread