English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2001-0030

Package name:      OpenSSH
Severity:          Local root exploit if UseLogin option enabled
Date:              2001-12-19
Affected versions: TSL 1.01, 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  A malicious local user can pass environment variables to the login
  process if the administrator enables the UseLogin option.  This can
  be abused to bypass authentication and gain root access.
  Note that this option is not enabled by default on TSL.


Action:
  We recommend that all systems with this package installed are upgraded.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool, can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0030-openssh.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------
71f9d80630a4c08f54aacfc49e0cfec7  ./1.5/SRPMS/openssh-3.0.2p1-1tr.src.rpm
55096b921e28b5af55785b8ba5535dc3  ./1.5/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
9b657aff2f8e0ac8fa5cbb46346bc72b  ./1.5/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
6bb5b4e99d2e413ad88bff4a4e551c8b  ./1.5/RPMS/openssh-3.0.2p1-1tr.i586.rpm
71f9d80630a4c08f54aacfc49e0cfec7  ./1.2/SRPMS/openssh-3.0.2p1-1tr.src.rpm
16b64002dc47121a50eb744762db7f4b  ./1.2/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
e0abacbfe2eb860e75b9408873338953  ./1.2/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
459b0715a16d4043211b1e4ad46acddf  ./1.2/RPMS/openssh-3.0.2p1-1tr.i586.rpm
71f9d80630a4c08f54aacfc49e0cfec7  ./1.1/SRPMS/openssh-3.0.2p1-1tr.src.rpm
8dc43857ecc5af0fc9459639a3b9d5c8  ./1.1/RPMS/openssh-server-3.0.2p1-1tr.i586.rpm
b611b85e0c30ecd5333ae30dd225d189  ./1.1/RPMS/openssh-clients-3.0.2p1-1tr.i586.rpm
a40338ee7d06e2eb9d7c73e4787e7dd9  ./1.1/RPMS/openssh-3.0.2p1-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8Ic5zwRTcg4BxxS0RAqdzAJ4kgDeENg3rKItgELWGfaKtA3D0QgCfUn6M
6wmPHCmvdysGL4JYsN8vzaE=
=M8lD
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.