English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-31
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 13 May 2003
 Last revised           : 21 May 2003

 Package : openssh

 Summary : OpenSSH/PAM timing attack allows remote users identification

 More information :
    The opessh immediately returns an error message if the user does not exist
    on openssh server.
    As a result, it is possible to check user's validity by measuring response time.

 Impact :
    The remote attackers may be able to identify valid users on OpenSSH server.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 d8db86b93b1bb1f0eff54176b9f78652

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       183709 2001ba97dc2ff9028902c81f82cebac8
   openssh-askpass-3.6.1p1-11.i586.rpm
        32792 55bf100facd53053406a7808ed45b12c
   openssh-askpass-gnome-3.6.1p1-11.i586.rpm
        14040 402993f41c642e81ab5c5a0d037bf898
   openssh-clients-3.6.1p1-11.i586.rpm
       210302 789a9c06751a1b17fda842d63548ae48
   openssh-server-3.6.1p1-11.i586.rpm
       223222 e341abf8669ef0dbd7c300f07168b61b

 <Turbolinux 8 Workstation>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 bdb287c39fa4dc3d4ebbbbf586a8c03c

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       183694 ebe978597f902dd9589ea82eb5456080
   openssh-askpass-3.6.1p1-11.i586.rpm
        32766 46e5347dfd4a989edecaacfd8d2117a4
   openssh-clients-3.6.1p1-11.i586.rpm
       210410 6b0594339f576716120226a3657625b7
   openssh-server-3.6.1p1-11.i586.rpm
       223250 0d0c7c71b0834f0c12e36744fd79ea53

 <Turbolinux 7 Server>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 de79063eb5518cabc0e3501c35d695e4

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       180107 9b2d11131337a4fbaacb07c59d461e9a
   openssh-askpass-3.6.1p1-11.i586.rpm
        32309 4f22d99e58b60cb33443ea0c3679b9b9
   openssh-clients-3.6.1p1-11.i586.rpm
       204421 652fde9c029d066773b8a079fd31f33a
   openssh-server-3.6.1p1-11.i586.rpm
       216270 0feba4ba855868d7fd8cb8490731e9f8

 <Turbolinux 7 Workstation>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 4ec0ede4a7746fac1ed0ff08eba0e315

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i586.rpm
       180147 ae5d67fe212555b95a9488afed90c69b
   openssh-askpass-3.6.1p1-11.i586.rpm
        32289 240836a3156aa0d9115bafb49e6d8059
   openssh-clients-3.6.1p1-11.i586.rpm
       204467 068bbbf513c3ae976338db26569c54b4
   openssh-server-3.6.1p1-11.i586.rpm
       216284 0ed9fa045b509c4c566d35fe9fc54651

 <Turbolinux Server 6.5>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 bd9af261c15d8cf112b6e5e72df725d7

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202996 edb771c092c4bdf83d74d84be90c6bcb
   openssh-askpass-3.6.1p1-11.i386.rpm
        31989 c27a6b89b64e9992d1555d920eb0375e
   openssh-clients-3.6.1p1-11.i386.rpm
       236782 ef74923445200c82671104bbe50371ef
   openssh-server-3.6.1p1-11.i386.rpm
       247422 079405eb11a76806df51ca65d47a2d56

 <Turbolinux Advanced Server 6>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 229f036969f74313ba0317eafc322fcc

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202990 dd437be00ce09a0077a9bed9cd9ee5d6
   openssh-askpass-3.6.1p1-11.i386.rpm
        31992 ec0a88706a06f1b4b9823b212fd9d56a
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13697 966ff854db07c67bdfcdbdcc853d4f95
   openssh-clients-3.6.1p1-11.i386.rpm
       236774 a403fe08b7b483ee3369135d5bd6eb79
   openssh-server-3.6.1p1-11.i386.rpm
       247423 839397e1d98b17ad4950bd604992470b

 <Turbolinux Server 6.1>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 a0b81fcdf3266e09cd21444adc68ed17

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       202991 70536840d83fe4ba60fa27261f03a373
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13695 c34c1a778d28f178354fd1b8008bfb1c
   openssh-clients-3.6.1p1-11.i386.rpm
       236787 2c73357f8d920fcdf85333fb2d0cee35
   openssh-server-3.6.1p1-11.i386.rpm
       247367 aed8bdc4512ebd5f7d26bff989fcb0a6

 <Turbolinux Workstation 6.0>

   Source Packages
   Size : MD5

   openssh-3.6.1p1-11.src.rpm
       922615 31c758f705628805564485675771b9b6

   Binary Packages
   Size : MD5

   openssh-3.6.1p1-11.i386.rpm
       203003 105243bdbcfc6de251b09b3bda729224
   openssh-askpass-3.6.1p1-11.i386.rpm
        31992 5f0babf4d89e88c1dade240186c8de56
   openssh-askpass-gnome-3.6.1p1-11.i386.rpm
        13699 31b75a8f94ca86f687f68333e8ba0567
   openssh-clients-3.6.1p1-11.i386.rpm
       236784 59a89502f691fc99ee0dc0965547ecff
   openssh-server-3.6.1p1-11.i386.rpm
       247385 fd477b6a5a5af8ae9454eefc0d7f32ae


 References :

 CVE
   [CAN-2003-0190]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190


 --------------------------------------------------------------------------
 Revision History
    13 May 2003 Initial release
    21 May 2003 modifyed MD5
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+y49EK0LzjOqIJMwRAqZJAJsGcQf5QhBtjBdYT0G21zN7LKlMsACgl0uU
fG/1elJWfN15e7kTfuwJAic=
=q6sh
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.