English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-100
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 27 Dec 2005
 Last revised: 27 Dec 2005

 Package: openssh

 Summary: GSSAPI credentials vulnerability

 More information:
    OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools
    that increasing numbers of people on the Internet are coming to rely on.
    The sshd in OpenSSH, when GSSAPIDelegateCredentials is enabled,
    allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods,
    which could cause those credentials to be exposed to untrusted users or hosts.

 Impact:
    This vulnerability may allow remote users to bypass access control rules.

 Affected Products:
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home,
  Turbolinux Multimedia, Turbolinux Personal]
 # turbopkg
 or
 # zabom -u openssh openssh-askpass openssh-clients openssh-server

 [other]
 # turbopkg
 or
 # zabom update openssh openssh-askpass openssh-clients openssh-server
 ---------------------------------------------


 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   openssh-4.1p1-3.src.rpm
       950594 c1d0ee00669844f0455de1f5fb585c03

   Binary Packages
   Size: MD5

   openssh-4.1p1-3.i686.rpm
       235186 2dc8a3d6eb6c050201adb5bb160319a3
   openssh-askpass-4.1p1-3.i686.rpm
        37519 9741146cf16ef979886dba1a07ace57b
   openssh-clients-4.1p1-3.i686.rpm
       253865 13375624cc4809d990c76b1a6efb9453
   openssh-server-4.1p1-3.i686.rpm
       255229 5a378d4361902a7b975199f4973229ab

 <Turbolinux 10 Server x64 Edition> 

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssh-3.9p1-7.src.rpm
       908950 917aeb4ea1da347de04929439ee089f6

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-3.9p1-7.x86_64.rpm
       202621 58080b9f2271fa1683642eda5d1f180e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-askpass-3.9p1-7.x86_64.rpm
        38451 5e5f234704643c8d5b7f94e24253aece
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-clients-3.9p1-7.x86_64.rpm
       237026 e7f42e70afb2bd03d7bb974c1f4ce67c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-server-3.9p1-7.x86_64.rpm
       245746 3dd4df1042fcf0fca4bb912032625711

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   openssh-3.7.1p2-7.src.rpm
       842986 fda8d477f6a145c963159e3aee38accd

   Binary Packages
   Size: MD5

   openssh-3.7.1p2-7.i586.rpm
       194229 914e02a0023560bc72cc7a6937ae6eb7
   openssh-askpass-3.7.1p2-7.i586.rpm
        34042 0896aadea058e4ee9a36265596b4147e
   openssh-clients-3.7.1p2-7.i586.rpm
       216292 039046262e06d5c251613c85129388bd
   openssh-server-3.7.1p2-7.i586.rpm
       225089 f1ff8f47e20800a2a7efe1aa5b28732f

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   openssh-3.7.1p2-7.src.rpm
       842986 4d397ef6c1786a862dd7099d441c6871

   Binary Packages
   Size: MD5

   openssh-3.7.1p2-7.i586.rpm
       194337 860a4b6f2d3dc4b1db17a70d84d166fd
   openssh-askpass-3.7.1p2-7.i586.rpm
        34232 ca66c23b8904521d18c95a8c87ec835a
   openssh-clients-3.7.1p2-7.i586.rpm
       216470 a87dc806e772ce1857cf854dbf11e81f
   openssh-server-3.7.1p2-7.i586.rpm
       225243 0e9f2adc1d7f43fdfc05139754be2bca

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssh-3.9p1-7.src.rpm
       908950 d017c1fc3759bda87ea6d6964e7cd7c9

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssh-3.9p1-7.i586.rpm
       189351 480bae9b168ba45ac1933626d3c53e95
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssh-askpass-3.9p1-7.i586.rpm
        36522 3f8ad91ce93d6748bb15170c536d0a7d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssh-clients-3.9p1-7.i586.rpm
       215265 caaea4ee2cd8dcffd92da326bf8c3d25
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/openssh-server-3.9p1-7.i586.rpm
       217280 2b9ce9b18a4f9920a222cd5664958cf4

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/openssh-3.8p1-7.src.rpm
       879480 e7463192e296082b01652d1455e54118

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssh-3.8p1-7.i586.rpm
       192898 74b1ed7f34377b61776e460b2b7a2620
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssh-askpass-3.8p1-7.i586.rpm
        36419 bdbe10961d7e1231702b47567bcb53c9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssh-clients-3.8p1-7.i586.rpm
       211414 7639f743b9c535009c87257ef013a4e3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssh-server-3.8p1-7.i586.rpm
       214255 161b34502bbe5e7ad9314281d0916618

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/openssh-3.7.1p2-7.src.rpm
       842986 2135415db1e00b6b153355d967847099

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-3.7.1p2-7.i586.rpm
       194458 7ef26f0180d8b1f8b845032962b6c2d4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-3.7.1p2-7.i586.rpm
        34235 38ebbfa29398857618648d469221b718
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-askpass-gnome-3.7.1p2-7.i586.rpm
        15515 0ccb7dd85750ab3f20ad64c5a9ff4ac2
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-clients-3.7.1p2-7.i586.rpm
       216508 6f9dfa7a2bd5f6c49cb4984e2837361a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/openssh-server-3.7.1p2-7.i586.rpm
       225130 c8d1914051c07a5b9f2f6214c1ba0041

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/openssh-3.7.1p2-7.src.rpm
       842986 8b3e5198f6d7ba7d690782c4fb535dbf

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-3.7.1p2-7.i586.rpm
       194461 effeca82e99c5f588287714900c9e0ce
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-askpass-3.7.1p2-7.i586.rpm
        34233 efdbcf14cfc2864bc775ed43b0451065
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-clients-3.7.1p2-7.i586.rpm
       216449 9b03d77831caa37e124d206fdd3ed001
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/openssh-server-3.7.1p2-7.i586.rpm
       225125 8126b27f4c566ebf345c473fc61b81f9

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/openssh-3.7.1p2-7.src.rpm
       842986 7aa39df615b1461b6ee8e9ae958eac4a

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-3.7.1p2-7.i586.rpm
       190143 5592f9753f6ec7dbafe79c1b97844a48
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-askpass-3.7.1p2-7.i586.rpm
        33729 556c66a88fbabfab0ac2eec954cbe671
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-clients-3.7.1p2-7.i586.rpm
       210220 b230b893f0cb77acc181819f728ac423
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/openssh-server-3.7.1p2-7.i586.rpm
       217921 626961bcb0c39eb7dc926d88750039cd


 References:

 CVE
   [CAN-2005-2798]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2798

 --------------------------------------------------------------------------
 Revision History
    27 Dec 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFDsMhoK0LzjOqIJMwRAlv5AJsHb4xKYcQc9cbyGocxWiF1mjJD9wCfR306
3Xsh5qVSAvXmDUiKcT2zxOs=
=A1sc
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.