-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-02:31 Security Advisory
The FreeBSD Project
Topic: openssh contains remote vulnerability
Credits: ISS X-Force <xforce@ISS.net>
Theo DeRaadt <deraadt@OpenBSD.org>
Affects: FreeBSD-CURRENT between 2002-03-18 and 2002-06-25
Corrected: 2002-06-25 19:10:07 (HEAD)
FreeBSD only: NO
OpenSSH is a free implementation of the SSH protocol suite, and
provides encrypted and authenticated remote login, file transfer and
II. Problem Description
SSH clients and servers communicate by exchanging discrete messages
with a variable number of parameters. Due to the lack of sufficient
integrity checks in a portion of the server code responsible for
handling incoming SSH2_MSG_USERAUTH_INFO_RESPONSE messages, it was
possible for a malicious client to send a message that would cause the
server to overwrite portions of its memory with client-provided data.
An remote attacker using an SSH client modified to send carefully
crafted SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain
superuser privileges on the server.
Please note that this problem only affects FreeBSD-CURRENT. No
versions of FreeBSD-STABLE are or were ever vulnerable to this bug.
Do one of the following:
1) Disable SSH entirely.
2) Use a firewall to block incoming SSH connections from untrusted
3) Add the following line to /etc/ssh/sshd_config, and restart sshd.
Note that this will prevent the use of OPIE and similar challenge-
based authentication methods with SSH.
Update your system to the latest -CURRENT.
VI. Correction details
No correction details are provided in this advisory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: FreeBSD: The Power To Serve
-----END PGP SIGNATURE-----