From markus at openbsd.org Wed Apr 2 06:21:46 2003
From: markus at openbsd.org (Markus Friedl)
Date: Tue, 1 Apr 2003 22:21:46 +0200
Subject: [openssh-unix-announce] OpenSSH 3.6.1 released
Message-ID: <20030401202146.GA312@folly>

OpenSSH 3.6.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 3.6:
==========================

* The 'kex guesses' bugfix from OpenSSH 3.6 triggers a bug in a few
  other SSH v2 implementations and causes connections to stall.
  OpenSSH 3.6.1 disables this bugfix when interoperating with these
  implementations.

Changes between OpenSSH 3.5 and OpenSSH 3.6:
============================================

* RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1)
  in order to avoid potential timing attacks against the RSA keys.
  Older versions of OpenSSH have been using RSA blinding in
  ssh-keysign(1) only. Please note that there is no evidence that
  the SSH protocol is vulnerable to the OpenSSL/TLS timing attack
  described in http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

* ssh-agent(1) optionally requires user confirmation if a key gets
  used, see '-c' in ssh-add(1).

* sshd(8) now handles PermitRootLogin correctly when
  UsePrivilegeSeparation is enabled.

* sshd(8) now removes X11 cookies when a session gets closed.

* ssh-keysign(8) is disabled by default and only enabled if the new
  EnableSSHKeysign option is set in the global ssh_config(5) file.
* ssh(1) and sshd(8) now handle 'kex guesses' correctly (key
  exchange guesses).

* ssh(1) no longer overwrites SIG_IGN. This matches behaviour from
  rsh(1) and is used by backup tools.

* setting ProxyCommand to 'none' disables the proxy feature, see
  ssh_config(5).

* scp(1) supports -1 and -2.

* scp(1) supports bandwidth limiting.

* sftp(1) displays a progressmeter.

* sftp(1) has improved error handling for scripting.

Checksums:
==========

- MD5 (openssh-3.6.1p1.tar.gz) = d4c2c88b883f097fe88e327cbb4b2e2a
- MD5 (openssh-3.6.1.tgz) = aa2acd2be17dc3fd514a1e09336aab51

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.


From djm at mindrot.org Wed Apr 30 13:37:28 2003
From: djm at mindrot.org (Damien Miller)
Date: Wed, 30 Apr 2003 13:37:28 +1000 (EST)
Subject: [openssh-unix-announce] Portable OpenSSH 3.6.1p2
Message-ID:

OpenSSH 3.6.1p2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

This is a release of the Portable version only.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.

Changes since OpenSSH 3.6.1p1:
==============================

* Security: corrected linking problem on AIX/gcc. AIX users are
  advised to upgrade immediately. For details, please refer to
  separate advisory (aixgcc.adv).
* Corrected build problems on Irix

* Corrected build problem when building with AFS support

* Merged some changes from Openwall Linux

Checksums:
==========

- MD5 (openssh-3.6p1.tar.gz) = f3879270bffe479e1bd057aa36258696

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.


From djm at mindrot.org Wed Apr 30 13:39:49 2003
From: djm at mindrot.org (Damien Miller)
Date: Wed, 30 Apr 2003 13:39:49 +1000 (EST)
Subject: [openssh-unix-announce] Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
Message-ID:

1. Systems affected:

	Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
	if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).

	Please note that the IBM-supplied OpenSSH packages[1] are not
	vulnerable.

2. Description:

	The default behavior of the runtime linker on AIX is to search
	the current directory for dynamic libraries before searching
	system paths. This is done regardless of the executable's
	set[ug]id status.

	This behavior is insecure and extremely dangerous. It allows an
	attacker to locally escalate their privilege level through the
	use of replacement libraries.

	Portable OpenSSH includes configure logic to override this
	broken behavior, but only for the native compiler. gcc uses a
	different command-line option (without changing the dangerous
	default behavior).

3. Impact:

	Privilege escalation by local users.

4. Short-term workaround:

	Remove any set[ug]id bits from the installed binaries, usually
	'ssh-agent' and 'ssh-keysign'. Older versions of OpenSSH may
	also install the 'ssh' binary as setuid.

	Please note that removing the setuid bit from ssh-keysign will
	disable hostbased authentication.

	Portable OpenSSH 3.6.1p2 uses the correct compiler flags to
	avoid the dangerous linker behavior.

5. Solution:

	For the problem to be solved, the AIX linker must be changed to
	only search system paths by default and never search the
	current directory or user-specified paths for set[ug]id
	programs.

	We consider this a serious flaw in IBM's linker, and urge them
	to fix it immediately. IBM, are you listening?

6. Credits:

	Thanks to Andreas Repp (IBM Deutschland GmbH) for bringing the
	issue to our attention. Darren Tucker contributed the fix.

[1] http://oss.software.ibm.com/developerworks/projects/opensshi
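The short-term workaround in section 4 of the advisory above, turned into a script. This is an added example and not part of the advisory or of the Portable OpenSSH tree. It assumes the default Portable OpenSSH install layout (ssh and ssh-agent under PREFIX/bin, ssh-keysign under PREFIX/libexec); the environment variables AIXGCC_PREFIX and AIXGCC_FIX are this example's own convention, not anything OpenSSH reads. It audits the three binaries the advisory names for set[ug]id bits, and clears them only when explicitly asked, since clearing ssh-keysign's setuid bit disables hostbased authentication as the advisory notes.

```sh
#!/bin/sh
# Added example, not from the OpenSSH advisory or source tree: audit the
# Portable OpenSSH binaries the advisory names for set[ug]id bits and, on
# request, apply the advisory's short-term workaround by clearing them.
#
# Assumption (not stated in the advisory): the install layout is
# $PREFIX/bin/ssh, $PREFIX/bin/ssh-agent and $PREFIX/libexec/ssh-keysign,
# the Portable OpenSSH default. Edit SSH_SETUGID_CANDIDATES if yours differs.

# Relative paths of the binaries the advisory says are usually set[ug]id.
SSH_SETUGID_CANDIDATES="bin/ssh bin/ssh-agent libexec/ssh-keysign"

# is_setugid FILE
#   True if FILE is a regular file carrying the setuid or setgid bit.
is_setugid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# list_setugid PREFIX
#   Print, one per line, every candidate under PREFIX that is set[ug]id.
#   Always returns 0 so it is safe inside $(...) under 'set -e'.
list_setugid() {
    for rel in $SSH_SETUGID_CANDIDATES; do
        f="$1/$rel"
        is_setugid "$f" && printf '%s\n' "$f"
    done
    return 0
}

# count_setugid PREFIX
#   Print the number of set[ug]id candidates under PREFIX (0 if none).
count_setugid() {
    n=0
    for rel in $SSH_SETUGID_CANDIDATES; do
        is_setugid "$1/$rel" && n=$((n + 1))
    done
    echo "$n"
}

# strip_setugid PREFIX
#   Clear setuid and setgid on every set[ug]id candidate under PREFIX,
#   leaving the other permission bits untouched. Returns 0 if every chmod
#   succeeded, 1 if any failed. Remember the advisory's caveat: ssh-keysign
#   without setuid means hostbased authentication stops working.
strip_setugid() {
    status=0
    for rel in $SSH_SETUGID_CANDIDATES; do
        f="$1/$rel"
        is_setugid "$f" || continue
        if chmod u-s,g-s "$f"; then
            printf 'cleared set[ug]id on %s\n' "$f"
        else
            printf 'failed to chmod %s\n' "$f" >&2
            status=1
        fi
    done
    return $status
}

# main PREFIX [--fix]
#   Report set[ug]id candidates; with --fix, clear them. Exit status 2
#   means "findings, nothing changed" so the script can gate an install.
main() {
    prefix=${1:-/usr/local}
    if [ "$(count_setugid "$prefix")" -eq 0 ]; then
        echo "no set[ug]id OpenSSH binaries under $prefix"
        return 0
    fi
    echo "set[ug]id OpenSSH binaries under $prefix:"
    list_setugid "$prefix"
    if [ "${2-}" = "--fix" ]; then
        strip_setugid "$prefix"
    else
        echo "re-run with AIXGCC_FIX=--fix to clear them" \
             "(ssh-keysign without setuid disables hostbased authentication)"
        return 2
    fi
}

# Entry point for direct execution, driven by environment variables so the
# file can also be sourced for its functions without side effects, e.g.:
#   AIXGCC_PREFIX=/usr/local AIXGCC_FIX=--fix sh aixgcc-workaround.sh
if [ -n "${AIXGCC_PREFIX-}" ]; then
    main "$AIXGCC_PREFIX" "${AIXGCC_FIX-}"
fi
```

This only buys time; the actual fix is 3.6.1p2 (or a build with the native compiler), after which ssh-keysign can get its setuid bit back. On the AIX box itself, the thing to inspect on a suspect binary is its library search path in the loader section (`dump -H` on the executable), which for a set[ug]id program must not lead with the current directory.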