similar to: Revised OpenSSH Security Advisory (adv.token)

This is the 2nd revision of the Advisory. Buffer overflow in OpenSSH's sshd if AFS has been configured on the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH with AFS/Kerberos token passing compiled in and enabled (either in the

A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow.

A buffer overflow exists in OpenSSH's sshd if sshd has been compiled with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing has been enabled in the sshd_config file. Ticket and token passing is not enabled by default. 1. Systems affected: All Versions of OpenSSH compiled with AFS/Kerberos support and ticket/token passing enabled contain a buffer overflow.

Hi! I just saw this on bugtraq. Does someone have more details about this? Subject: OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow From: Marcell Fodor <m.fodor at mail.datanet.hu> Date: 19 Apr 2002 22:42:51 -0000 (Sat 01:42 EEST) To: bugtraq at securityfocus.com effect: local root vulnerable services: -pass Kerberos IV TGT -pass AFS Token bug

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3

http://bugzilla.mindrot.org/show_bug.cgi?id=234 Summary: OpenSSH does not compile on OpenBSD 3.1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: OpenBSD Status: NEW Severity: normal Priority: P1 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c =================================================================== RCS file:

Hi, There was an error in the original advisory. The estimate of 32768 attempts to carry out a successful attack is incorrect. The correct estimate is 11356 attempts. A revised version is now available at: http://www.openssh.com/txt/cbc.adv The advisory and its recommendations are otherwise unchanged. -d

Hi, There was an error in the original advisory. The estimate of 32768 attempts to carry out a successful attack is incorrect. The correct estimate is 11356 attempts. A revised version is now available at: http://www.openssh.com/txt/cbc.adv The advisory and its recommendations are otherwise unchanged. -d

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected configurations Portable OpenSSH prior to version

With a little help, I managed to get ssh to compile. (original post 05.02.02) Now, I can login using an account that is local to the target machine but logins with AFS accounts fail. The details: IRIX 6.5.15 ssh 3.1.p1 gcc 3.0.1 ssl-0.9.6c zlib-1.1.4. I am configuring with: env CC=gcc CFLAGS=-g LDFLAGS=-Wl,-rpath,/usr/local/krb4/lib,-rpath,/usr/local/ssl/lib ./configure

OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. 2. Affected configurations Portable OpenSSH prior to version

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables

Weakness in OpenSSH's source IP based access control for SSH protocol v2 public key authentication. 1. Systems affected: Versions of OpenSSH between 2.5.x and 2.9.x using the 'from=' key file option in combination with both RSA and DSA keys in ~/.ssh/authorized_keys2. 2. Description: Depending on the order of the user keys in ~/.ssh/authorized_keys2 sshd might

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables

Appologise if this did make it to the list but I just subscribed and didn't see it come back... I am attmepting to install ssh/sshd on my RH6.1 Intel Box. Everything seems to be working (not quite smooth sailing - I had to resort to precompiled RPM for OpenSSL). I did however get it "working." I generated a host key as root and then changed back to joe-user. I created a key for

From: Keith Baker <ssh at par.dhs.org> To: openssh-unix-dev at mindrot.org Subject: Password Login Failing... I am attmepting to install ssh/sshd on my RH6.1 Intel Box. Everything seems to be working (not quite smooth sailing - I had to resort to precompiled RPM for OpenSSL). I did however get it "working." I generated a host key as root and then changed back to joe-user. I

I'm using a OpenSSH 3.0.2p1 with the krb5 patch from <http://www.sxw.org.uk/computing/patches/openssh.html>. I'm getting KRB5CCNAME set to "" even though <http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98269278629018&w=2> mentions fixing it. This causes things like kinit to fail with a somewhat uninformative error message. The relevant sshd_config lines

Hello, I going to use ssh with Kerberos V5 support along with support for AFS. I don't want to use Kerberos V4 or AFS token passing. The only thing I need from AFS is creating an AFS token (using appropriate function from krb5 API) after user's authentication. It seems to me that such scenario is not much supported by the current code. Rather it is assumed only Kerberos 4 will be used