网络通信 频道
IT168首页 > 网络通信 > 网络通信资讯 > 正文

OpenSSH缓存溢出漏洞

作者:ChinaITLab 编辑: IT168 2007-07-05 00:00
分享


  涉及程序:
  OpenSSH
  
  描述:
  OpenSSH缓存溢出漏洞
  
  详细:
  
    在OpenSSH的设置文件sshd_config中,如果把KerberosTgtPassing或
  AFSTokenPassing打开,那么程序就会出现缓存溢出。恶意攻击者可以利用此漏
  洞得到系统的特权。
  
  受影响系统
  ----------
  
  系统 软件包(包括此版本在内的旧版本)
  ---------------------------------------------------------------------
  OpenLinux 3.1.1 Server openssh-2.9p2-6.i386.rpm
  openssh-askpass-2.9p2-6.i386.rpm
  openssh-server-2.9p2-6.i386.rpm
  
  OpenLinux 3.1.1 Workstation openssh-2.9p2-6.i386.rpm
  openssh-askpass-2.9p2-6.i386.rpm
  
  OpenLinux 3.1 Server openssh-2.9p2-6.i386.rpm
  openssh-askpass-2.9p2-6.i386.rpm
  openssh-server-2.9p2-6.i386.rpm
  
  OpenLinux 3.1 Workstation openssh-2.9p2-6.i386.rpm
  openssh-askpass-2.9p2-6.i386.rpm
  
  
  补丁
  ----
  
  1. OpenLinux 3.1.1 Server
  -------------------------
  软件包位置: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
  
  软件包(前面为MD5校验):
  f9a494af5e0e6a8eec419f8f94087f7e openssh-2.9p2-6.i386.rpm
  b9fcc6352bc4c65f63cda1b0caa2b89c openssh-askpass-2.9p2-6.i386.rpm
  ff4a5bc7e7b1d4fd3f79c647d11d9162 openssh-server-2.9p2-6.i386.rpm
  
  安装:
  rpm -Fvh openssh-2.9p2-6.i386.rpm
  rpm -Fvh openssh-askpass-2.9p2-6.i386.rpm
  rpm -Fvh openssh-server-2.9p2-6.i386.rpm
  
  源码位置:ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRP
  MS
  
  源码(前面为MD5校验):
  ab3e90f4e70fc3eecd7e456fa2c2a97e openssh-2.9p2-6.src.rpm
  
  2. OpenLinux 3.1.1 Workstation
  ------------------------------
  软件包位置: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/current
  /RPMS
  
  软件包(前面为MD5校验):
  3406e8a3e55b52b2eb3e7644327d783c openssh-2.9p2-6.i386.rpm
  e57817246b56ffdf0322be8afcec08ae openssh-askpass-2.9p2-6.i386.rpm
  
  安装:
  rpm -Fvh openssh-2.9p2-6.i386.rpm
  rpm -Fvh openssh-askpass-2.9p2-6.i386.rpm
  
  源码位置:ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/curren
  t/SRPMS
  
  源码(前面为MD5校验):
  fde335f6bce93b3a3bf3cc20d8231849 openssh-2.9p2-6.src.rpm
  
  3. OpenLinux 3.1 Server
  -----------------------
  软件包位置: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
  
  软件包(前面为MD5校验):
  41f489ad60ed068a2a027589ca49e6ea openssh-2.9p2-6.i386.rpm
  c4b8c1e011708a9e8fa04d927387bde5 openssh-askpass-2.9p2-6.i386.rpm
  3bbb580c64ba83efaeefac20d891148f openssh-server-2.9p2-6.i386.rpm
  
  安装:
  rpm -Fvh openssh-2.9p2-6.i386.rpm
  rpm -Fvh openssh-askpass-2.9p2-6.i386.rpm
  rpm -Fvh openssh-server-2.9p2-6.i386.rpm
  
  源码位置:ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
  
  源码(前面为MD5校验):
  1c30685cf106f5ee05ec201cd55044f8 openssh-2.9p2-6.src.rpm
  
  4. OpenLinux 3.1 Workstation
  ----------------------------
  软件包位置: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/R
  PMS
  
  软件包(前面为MD5校验):
  45502ddfa3d9bc67eefc2ec6a6bd992a openssh-2.9p2-6.i386.rpm
  c5bedc4946ee432f66255161ba61bbf5 openssh-askpass-2.9p2-6.i386.rpm
  
  安装:
  rpm -Fvh openssh-2.9p2-6.i386.rpm
  rpm -Fvh openssh-askpass-2.9p2-6.i386.rpm
  
  源码位置:ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/
  SRPMS
  
  源码(前面为MD5校验):
  5ddea2209f395da08ca715a128e5485a openssh-2.9p2-6.src.rpm
  
  
  解决方案:
  为OpenSSH升级为最新版本
  

0
相关文章
    盛拓传媒简介 关于IT168 广告服务 使用条款 投稿指南 联系我们
    北京盛拓优讯信息技术有限公司. 版权所有 中华人民共和国增值电信业务经营许可证 编号:京B2-20170206 北京市公安局海淀分局网监中心备案编号:11010802020118
    广播电视节目制作经营许可证:(京) 字第25315号 信息系统安全等级保护备案:11010813655-00001 京公网安备11010802020118号
    违法和不良信息举报电话 :010-58859066,18101376593,shengtuo20@it168.com