Detections
Analytics

Scientific Linux Security Update : openssh on SL7.x x86_64 (20150305)

medium Nessus Plugin ID 82258

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record.
(CVE-2014-2653)

It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. (CVE-2014-9278)

The openssh packages have been upgraded to upstream version 6.6.1, which provides a number of bug fixes and enhancements over the previous version.

Bug fixes :

 - An existing /dev/log socket is needed when logging using the syslog utility, which is not possible for all chroot environments based on the user's home directories. As a consequence, the sftp commands were not logged in the chroot setup without /dev/log in the internal sftp subsystem. With this update, openssh has been enhanced to detect whether /dev/log exists. If /dev/log does not exist, processes in the chroot environment use their master processes for logging.

 - The buffer size for a host name was limited to 64 bytes.
 As a consequence, when a host name was 64 bytes long or longer, the ssh-keygen utility failed. The buffer size has been increased to fix this bug, and ssh-keygen no longer fails in the described situation.

 - Non-ASCII characters have been replaced by their octal representations in banner messages in order to prevent terminal re-programming attacks. Consequently, banners containing UTF-8 strings were not correctly displayed in a client. With this update, banner messages are processed according to RFC 3454, control characters have been removed, and banners containing UTF-8 strings are now displayed correctly.

 - Scientific Linux uses persistent Kerberos credential caches, which are shared between sessions. Previously, the GSSAPICleanupCredentials option was set to 'yes' by default. Consequently, removing a Kerberos cache on logout could remove unrelated credentials of other sessions, which could make the system unusable. To fix this bug, GSSAPICleanupCredentials is set by default to 'no'.

 - Access permissions for the /etc/ssh/moduli file were set to 0600, which was unnecessarily strict. With this update, the permissions for /etc/ssh/moduli have been changed to 0644 to make the access to the file easier.

 - Due to the KRB5CCNAME variable being truncated, the Kerberos ticket cache was not found after login using a Kerberos-enabled SSH connection. The underlying source code has been modified to fix this bug, and Kerberos authentication works as expected in the described situation.

Enhancements :

 - When the sshd daemon is configured to force the internal SFTP session, a connection other then SFTP is used, the appropriate message is logged to the /var/log/secure file.

 - The sshd-keygen service was run using the 'ExecStartPre=-/usr/sbin/sshd- keygen' option in the sshd.service unit file. With this update, the separate sshd-keygen.service unit file has been added, and sshd.service has been adjusted to require sshd-keygen.service.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?55568abc

Plugin Details

Severity: Medium

ID: 82258

File Name: sl_20150305_openssh_on_SL7_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/26/2015

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:openssh, p-cpe:/a:fermilab:scientific_linux:openssh-askpass, p-cpe:/a:fermilab:scientific_linux:openssh-clients, p-cpe:/a:fermilab:scientific_linux:openssh-debuginfo, p-cpe:/a:fermilab:scientific_linux:openssh-keycat, p-cpe:/a:fermilab:scientific_linux:openssh-ldap, p-cpe:/a:fermilab:scientific_linux:openssh-server, p-cpe:/a:fermilab:scientific_linux:openssh-server-sysvinit, p-cpe:/a:fermilab:scientific_linux:pam_ssh_agent_auth, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/5/2015

Vulnerability Publication Date: 3/27/2014

Reference Information

CVE: CVE-2014-2653, CVE-2014-9278