Debian DSA-086-1 : ssh-nonfree - remote root exploit

critical Nessus Plugin ID 14923

Synopsis

The remote Debian host is missing a security-related update.

Description

We have received reports that the 'SSH CRC-32 compensation attack detector vulnerability' is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1.
OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not.

Though packages in the non-free section of the archive are not officially supported by the Debian project, we are taking the unusual step of releasing updated ssh-nonfree/ssh-socks packages for those users who have not yet migrated to OpenSSH. However, we do recommend that our users migrate to the regularly supported, DFSG-free 'ssh' package as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package available in Debian 2.2r4.

The fixed ssh-nonfree/ssh-socks packages are available in version 1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for use with the Debian unstable/testing distribution. Note that the new ssh-nonfree/ssh-socks packages remove the setuid bit from the ssh binary, disabling rhosts-rsa authentication. If you need this functionality, run

chmod u+s /usr/bin/ssh1

after installing the new package.

Solution

Upgrade the affected ssh-nonfree, and ssh-socks packages.

See Also

http://www.debian.org/security/2001/dsa-086

Plugin Details

Severity: Critical

ID: 14923

File Name: debian_DSA-086.nasl

Version: 1.22

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ssh-nonfree, p-cpe:/a:debian:debian_linux:ssh-socks, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/13/2001

Vulnerability Publication Date: 2/8/2001

Reference Information

CVE: CVE-2001-0144, CVE-2001-0361

CWE: 310

DSA: 086