Note: This is an archival copy of Security Sun Alert 201922 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001423.1.
Sun Cobalt RaQ 550 Server
Date of Workaround Release
Date of Resolved Release
The vulnerability in OpenSSH could lead to a remote root compromise or a denial of service. It may result in system integrity being compromised and may require reinstallation or restoration of the system.
This issue is described in the CERT Vulnerability VU#369347 (see http://www.kb.cert.org/vuls/id/369347) which is referenced in CERT advisory CA-2002-18 (see http://www.cert.org/advisories/CA-2002-18.html).
Note: This CERT advisory also impacts the Secure Shell shipped with Solaris 9. Please see Sun Alert Notification 45525 for details.
This issue can occur in the following releases:
Sun Cobalt RaQ 550 is implemented only on x86 systems, under Linux.
OpenSSH is the tool of choice for secure remote command line management and secure port forwarding. OpenSSH is a free version of the SSH (Secure Shell) communications suite and is used as a secure replacement for protocols such as "telnet", "rlogin", "rsh", and "FTP". It operates by establishing an encrypted channel between the client and server hosts. Several options are included to enhance security. Among these options is the use of "challenge-response" technology which causes the client to respond to the challenge with several responses. The vulnerability lies in this mechanism. By sending specially crafted responses to the server's challenge, a Denial of Service or, possibly, a root compromise can occur.
The inability to login to the RaQ 550 through an SSH client could indicate that a denial of service is in progress.
Unmatched root logins in the /var/log/secure log file could indicate a root compromise.
The workaround is to disable the "ChallengeResponseAuthentication" parameter within the OpenSSH daemon configuration file, "/etc/ssh/sshd_config" by setting it to "no", as below :
The "sshd" process must be restarted for this change to take effect. This can be done by executing the following command, as root :
# /etc/rc.d/init.d/sshd restart
This issue is addressed in the following releases:
Note: The above patch depends on another patch located at http://ftp.cobalt.sun.com/pub/packages/raq550/all/RaQ550-All-Security-0.0.1-15674.pkg.
This solution has no attachment