Your message dated Mon, 24 Dec 2007 17:17:03 +0000 with message-id <E1J6qvH-0004wW-QK@ries.debian.org> and subject line Bug#444738: fixed in openssh 1:4.7p1-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: CVE-2007-4752 privilege escalation
- From: Nico Golde <nion@debian.org>
- Date: Sun, 30 Sep 2007 18:48:14 +0200
- Message-id: <20070930164814.GA17266@ngolde.de>Package: openssh Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for openssh. CVE-2007-4752[0]: | ssh in OpenSSH before 4.7 does not properly handle when an untrusted | cookie cannot be created and uses a trusted X11 cookie instead, which | allows attackers to violate intended policy and gain privileges by | causing an X client to be treated as trusted. If you fix this vulnerability please also include the CVE id in your changelog entry. As far as I can see the fix for this issue is: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181 For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752 Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment: pgp8qtDkSQfXT.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 444738-close@bugs.debian.org
- Subject: Bug#444738: fixed in openssh 1:4.7p1-1
- From: Colin Watson <cjwatson@debian.org>
- Date: Mon, 24 Dec 2007 17:17:03 +0000
- Message-id: <E1J6qvH-0004wW-QK@ries.debian.org>
Source: openssh Source-Version: 1:4.7p1-1 We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive: openssh-client-udeb_4.7p1-1_i386.udeb to pool/main/o/openssh/openssh-client-udeb_4.7p1-1_i386.udeb openssh-client_4.7p1-1_i386.deb to pool/main/o/openssh/openssh-client_4.7p1-1_i386.deb openssh-server-udeb_4.7p1-1_i386.udeb to pool/main/o/openssh/openssh-server-udeb_4.7p1-1_i386.udeb openssh-server_4.7p1-1_i386.deb to pool/main/o/openssh/openssh-server_4.7p1-1_i386.deb openssh_4.7p1-1.diff.gz to pool/main/o/openssh/openssh_4.7p1-1.diff.gz openssh_4.7p1-1.dsc to pool/main/o/openssh/openssh_4.7p1-1.dsc openssh_4.7p1.orig.tar.gz to pool/main/o/openssh/openssh_4.7p1.orig.tar.gz ssh-askpass-gnome_4.7p1-1_i386.deb to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-1_i386.deb ssh-krb5_4.7p1-1_all.deb to pool/main/o/openssh/ssh-krb5_4.7p1-1_all.deb ssh_4.7p1-1_all.deb to pool/main/o/openssh/ssh_4.7p1-1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 444738@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwatson@debian.org> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 24 Dec 2007 16:43:02 +0000 Source: openssh Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb Architecture: source i386 all Version: 1:4.7p1-1 Distribution: unstable Urgency: low Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell client, an rlogin/rsh/rcp replacement openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell server, an rshd replacement openssh-server-udeb - secure shell server for the Debian installer (udeb) ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 123013 246774 303453 327886 345628 365541 390699 405041 433181 444738 453285 453367 Changes: openssh (1:4.7p1-1) unstable; urgency=low . * New upstream release (closes: #453367). - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181). * Install the OpenSSH FAQ in /usr/share/doc/openssh-client. - Includes documentation on copying files with colons using scp (closes: #303453). * Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run exists (closes: #453285). * Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699). * Refactor debian/rules configure and make invocations to make development easier. * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013). * Update moduli(5) to revision 1.11 from OpenBSD CVS. * Document the non-default options we set as standard in ssh_config(5) and sshd_config(5) (closes: #327886, #345628). * Recode LICENCE to UTF-8 when concatenating it to debian/copyright. * Override desktop-file-but-no-dh_desktop-call lintian warning; the .desktop file is intentionally not installed (see 1:3.8.1p1-10). * Update copyright dates for Kerberos patch in debian/copyright.head. * Policy version 3.7.3: no changes required. Files: e4be8bf0d8eeb50aced09e83b971ee1b 1132 net standard openssh_4.7p1-1.dsc bea83d2e0f9ac7b3d4393d693e68b5c1 1009361 net standard openssh_4.7p1.orig.tar.gz 8dbea4ef533097fe69f373be3391884e 201822 net standard openssh_4.7p1-1.diff.gz 05d181f3d6ded8352216fd2c5334f5a1 1044 net extra ssh_4.7p1-1_all.deb c0b77420c1144e9c546b89522dbad3a7 86892 net extra ssh-krb5_4.7p1-1_all.deb 9681446b5860a92b931f48b33c2bde09 661682 net standard openssh-client_4.7p1-1_i386.deb 04c0b2d9d2c6658fa91ba5cc2208f1fe 244302 net optional openssh-server_4.7p1-1_i386.deb 150374216e2494558e6657bf11474e4e 94468 gnome optional ssh-askpass-gnome_4.7p1-1_i386.deb 2ddb6b74912130c019f6874d9fda20e6 158566 debian-installer optional openssh-client-udeb_4.7p1-1_i386.udeb 56e6ed3cdd943b9dac92830004a82d8f 169090 debian-installer optional openssh-server-udeb_4.7p1-1_i386.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iD8DBQFHb+Vx9t0zAhD6TNERAvdSAJ9pCqLCB8vG2v0gIO/PClsJWlJp/QCdGs4U IKqTDQgKydVQv435xVHnYD8= =k6Bk -----END PGP SIGNATURE-----
--- End Message ---