Debian DSA-119-1 : ssh -- local root exploit, remote client exploit

critical Nessus Plugin ID 14956

Synopsis

The remote Debian host is missing a security-related update.

Description

Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privileges, or by a malicious server to exploit a client that has this bug.

Solution

Since Debian 2.2 (potato) shipped with OpenSSH (the 'ssh' package) version 1.2.3, it is not vulnerable to this exploit. No fix is required for Debian 2.2 (potato).

The Debian unstable and testing archives do include a more recent OpenSSH (ssh) package. If you are running these pre-release distributions, you should ensure that you are running version 3.0.2p1-8, a patched version which was added to the unstable archive today, or a later version.

See Also

http://www.debian.org/security/2002/dsa-119

Plugin Details

Severity: Critical

ID: 14956

File Name: debian_DSA-119.nasl

Version: 1.15

Type: local

Agent: unix

Published: 9/29/2004

Updated: 7/9/2018

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2002

Exploitable With

Core Impact

Reference Information

CVE: CVE-2002-0083

BID: 4241

CWE: 189

DSA: 119