Displaying 20 results from an estimated 7000 matches similar to: "Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv"
2011 May 03
0
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
OpenSSH Security Advisory: portable-keysign-rand-helper.adv
This document may be found at:
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
1. Vulnerability
Portable OpenSSH's ssh-keysign utility may allow unauthorised
local access to host keys on platforms if ssh-rand-helper is
used.
2. Affected configurations
Portable OpenSSH prior to version
2011 May 03
0
Announce: Portable OpenSSH 5.8p2 released
Portable OpenSSH 5.8p2 has just been released. It will be available
from the mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or
2002 Mar 08
2
Cannot run OpenSSH 3.1p1 on Solaris 8, Irix 6.5.14, Irix 6.5.4, SunOS 4.1.3_U1 - ssh-rand-helper child produced insufficient data
I have successfully compiled OpenSSH 3.1p1 for the following systems:
Solaris 8
Solaris 7
Irix 6.5.14
Irix 6.5.4
SunOS 4.1.3_U1
Unfortunately, the new sshd is not working on any of the above systems
with the exception of Solaris 7. (I then put the Solaris 7 executables
on Solaris 8, and they worked there too.)
This is the error I'm getting:
$ /usr/etc/sshd -D -d -d -d
debug3: Seeing PRNG
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program,
I'd like to revisit an old question about its entropy gathering.
- would it be desirable to make it possible for ssh-rand-helper to fall
back to external commands if PRNGD cannot be reached, instead of
choosing one or the other at compile time?
- When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
2003 Mar 31
1
[Bug 526] potential ssh-keysign segfault if pktype == KEY_UNSPEC
http://bugzilla.mindrot.org/show_bug.cgi?id=526
Summary: potential ssh-keysign segfault if pktype == KEY_UNSPEC
Product: Portable OpenSSH
Version: 3.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-unix-dev at mindrot.org
2002 Apr 25
2
ssh-rand-helper probs
Hi all
Am I doing this right? Is this the right list to post to? If not, a
quick lesson in etiquette for me would not hurt. As I am both just
starting to use newsgroups and SSH, I am not entirely familiar with the
processes. I have a question about ssh-rand-helper. First an outline: I
am currently using the SSH packages for Solaris 2.8 available at
sunfreeware.com. The environment is
2002 Apr 01
4
path to find ssh-rand-helper
Before I actually implement the small changes needed to allow the
location of ssh-rand-helper to be specified in the config file, I'd
like to check that in doing so I won't be opening up a huge security
hole.
My brief reading of the code suggests that in entropy.c:seed_rng() the
ssh-rand-helper is run as the original uid (for binaries which were
setuid in the first place of course), so I
2003 Aug 25
3
[Bug 630] built-in ssh-rand-helper
http://bugzilla.mindrot.org/show_bug.cgi?id=630
Summary: built-in ssh-rand-helper
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: aet at cc.hut.fi
2004 Dec 18
0
Make ssh-rand-helper fall back to commands when configured with prngd
Hi.
I recently snookered myself: I built OpenSSH on an old box that didn't
have /dev/random, but happened to be running prngd at the time for other
reasons. Because I wanted to use commands, I configured
--with-rand-helper, however configure found the prngd socket and built
ssh-rand-helper to use it exclusively.
Next reboot: no prngd, no random seed, no sshd. Do not log in, do not
2003 Jun 22
16
[Bug 600] compilation of ssh-askpass or ssh-rand-helper fails on NCR MP-RAS v3.02
http://bugzilla.mindrot.org/show_bug.cgi?id=600
Summary: compilation of ssh-askpass or ssh-rand-helper fails on
NCR MP-RAS v3.02
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Build system
2002 Jul 25
1
[Bug 371] New: OpenSSH fails to build on Alpha True64 in cipher.c
http://bugzilla.mindrot.org/show_bug.cgi?id=371
Summary: OpenSSH fails to build on Alpha True64 in cipher.c
Product: Portable OpenSSH
Version: -current
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-unix-dev at mindrot.org
2003 Apr 30
4
Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
1. Systems affected:
Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).
Please note that the IBM-supplied OpenSSH packages[1] are
not vulnerable.
2. Description:
The default behavior of the runtime linker on AIX is to search
the current directory for dynamic libraries before searching
system paths. This is done
2011 Jun 08
5
[Bug 1912] New: 5.8 ssh-keysign lacks ECDSA support
https://bugzilla.mindrot.org/show_bug.cgi?id=1912
Summary: 5.8 ssh-keysign lacks ECDSA support
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2007 Nov 13
1
compile error in hp-ux 11.23PA system with OpenSSH4.7p1
Hi all,
I am compiling the OpenSSH4.7p1 on hp-ux PA11.23 system, however, it gives the following bug:
cc +DD64 -I. -I. -I../include/openssl -I../include/tcpwrap -I../include/zlib -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/include -I../include/gssapi -DSSHDIR=\"/opt/ssh/etc\" -D_PATH_SSH_PROGRAM=\"/opt/ssh/bin/ssh\"
2001 Dec 21
6
Killing the builtin entropy code
Over the holidays, I intend to finally rid portable OpenSSH of the
builtin entropy collection code. Here's what I intend to do:
When init_rng is called, we'll check OpenSSL's RAND_status(). If this
indicates that their PRNG is already seeded, we'll do nothing. This
effectively detects platforms which have /dev/urandom (or similar)
configured into OpenSSL.
If OpenSSL isn't
2004 Dec 17
0
ssh-keysign bug?
I use ssh in a batch environment (www.pbspro.com) and am using host based
authentication to allow sshes between some resources. When I converted from
openssh 3.1 to newer versions (up to and including 3.8 where ssh-keysign was
moved to a standalone binary) I had issues with ssh-keysign failing with the
error "bad fd". A little exploring showed that this was happening because
in the
2002 Apr 26
0
Revised OpenSSH Security Advisory (adv.token)
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versions of OpenSSH with AFS/Kerberos token passing
compiled in and enabled (either in the
2008 Nov 23
0
Revised: OpenSSH security advisory: cbc.adv
Hi,
There was an error in the original advisory. The estimate of 32768
attempts to carry out a successful attack is incorrect. The correct
estimate is 11356 attempts. A revised version is now available at:
http://www.openssh.com/txt/cbc.adv
The advisory and its recommendations are otherwise unchanged.
-d