SSH Communications SSH Server权限提升漏洞

漏洞信息详情

SSH Communications SSH Server权限提升漏洞

• CNNVD编号：CNNVD-200211-038
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1644
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-11-25
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  ssh
• 漏洞来源：
  SSH Security Advis…

Secure Shell是一款由SSH Communications分发和维护的商业SSH实现。
Secure Shell Servers在非交互命令执行之后没有正确从主进程组删除子进程，远程攻击者可以利用这个漏洞发送误导消息给syslog和其他应用程序。
当使用非交互连接时，在处理SSH Secure Shell主进程组时没有正确处理子进程，如果非交互命令不带pty执行(包含运行命令和子系统)，子进程就会保留在主进程组中而不被删除。
在依靠getlogin()平台上的恶意用户利用这个漏洞至少可以发送误导消息给SYSLOG和其他应用程序(getlogin()调用会返回\”root\”)。
目前认为此漏洞不能用于提升到root用户权限，但是如果某一个setuid应用程序依靠getlogin()输出就可能存在root用户权限获得的可能。

厂商补丁：
SSH Communications Security
—————————
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

SSH Communications Security SSH2 2.0.13:

SSH Communications Security SSH2 2.1:

SSH Communications Security SSH2 2.2:

SSH Communications Security SSH2 2.3:

SSH Communications Security SSH2 2.4:

SSH Communications Security SSH2 2.5:

SSH Communications Security SSH2 3.0:

SSH Communications Security SSH2 3.0.1:

SSH Communications Security SSH2 3.1:

SSH Communications Security Upgrade ssh-3.1.5

http://ftp.ssh.com/priv/secureshell/h7cq89th/” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.1:

SSH Communications Security Upgrade ssh-3.1.5

http://ftp.ssh.com/priv/secureshell/h7cq89th/” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.2:

SSH Communications Security Upgrade ssh-3.1.5

http://ftp.ssh.com/priv/secureshell/h7cq89th/” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.3:

SSH Communications Security Upgrade ssh-3.1.5

http://ftp.ssh.com/priv/secureshell/h7cq89th/” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.1.4:

SSH Communications Security Upgrade ssh-3.1.5

http://ftp.ssh.com/priv/secureshell/h7cq89th/” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/h7cq89th/

SSH Communications Security SSH2 3.2:

SSH Communications Security Upgrade ssh-3.2.2

http://ftp.ssh.com/priv/secureshell/6g3zslpk” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/6g3zslpk

SSH Communications Security SSH2 3.2.1:

SSH Communications Security Upgrade ssh-3.2.2

http://ftp.ssh.com/priv/secureshell/6g3zslpk” target=”_blank”>
http://ftp.ssh.com/priv/secureshell/6g3zslpk

来源:US-CERT Vulnerability Note: VU#740619
名称: VU#740619
链接:http://www.kb.cert.org/vuls/id/740619

来源: www.ssh.com
链接:http://www.ssh.com/company/newsroom/article/286/

来源: BID
名称: 6247
链接:http://www.securityfocus.com/bid/6247

来源: XF
名称: ssh-setsid-privilege-elevation(10710)
链接:http://xforce.iss.net/xforce/xfdb/10710