AIX OpenSSH Vulnerability : openssh_advisory3.asc
Medium Nessus Plugin ID 73308
Synopsis
The remote AIX host is running a vulnerable version of OpenSSH.
Description
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
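The class of flaw the description names, as an added C model that is not OpenSSH's code: a key structure whose MAC context is filled in only for non-AEAD ciphers, so with AES-GCM an unzeroed allocation leaves a stale callback pointer in place. All names here (`keys_from_blob`, `stale_alloc`, `stale_callback`, the struct fields) are hypothetical, and the 0x41 fill stands in for reused heap contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not OpenSSH source: keys with an embedded MAC context. */
struct mac_ctx {
    void (*cleanup)(void *state); /* callback invoked when keys are torn down */
    void *state;
};
struct newkeys {
    int aead;                     /* 1 for an AEAD cipher such as AES-GCM */
    struct mac_ctx mac;
};

static void real_cleanup(void *state) { (void)state; }

/* Stand-in for malloc handing back reused heap memory: stale 0x41 bytes. */
static void *stale_alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0x41, n);
    return p;
}

/* zero_init == 0 models the missing initialisation, 1 models a zeroed struct. */
struct newkeys *keys_from_blob(int aead, int zero_init) {
    struct newkeys *k = zero_init ? calloc(1, sizeof(*k)) : stale_alloc(sizeof(*k));
    if (!k) return NULL;
    k->aead = aead;
    if (!aead) {                  /* only non-AEAD ciphers set up the MAC context */
        k->mac.cleanup = real_cleanup;
        k->mac.state = NULL;
    }
    return k;
}

/* 1 if teardown would call through a pointer that no code path assigned. */
int stale_callback(const struct newkeys *k) {
    return k->mac.cleanup != NULL && k->mac.cleanup != real_cleanup;
}

int main(void) {
    struct newkeys *bad = keys_from_blob(1, 0), *ok = keys_from_blob(1, 1);
    if (!bad || !ok) return 1;
    printf("AES-GCM, unzeroed: stale callback = %d\n", stale_callback(bad));
    printf("AES-GCM, zeroed:   stale callback = %d\n", stale_callback(ok));
    free(bad); free(ok);
    return 0;
}
```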
Solution
A fix is available, and it can be downloaded from the AIX website.
To extract the fixes from the tar file:
zcat OpenSSH_188.8.131.5204.tar.Z | tar xvf -
IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation:
installp -apYd . OpenSSH_184.108.40.20604
To install the fix package:
installp -aXYd . OpenSSH_220.127.116.1104