AIX OpenSSH Vulnerability : openssh_advisory4.asc
Medium Nessus Plugin ID 76168
SynopsisThe remote AIX host has a vulnerable version of OpenSSH.
DescriptionThe version of OpenSSH running on the remote host is affected by multiple security bypass vulnerabilities :
- sshd in OpenSSH versions before 6.6 do not properly support wildcards on AcceptEnv lines in sshd_config, which allow a remote attacker to bypass intended environment restrictions by using a substring located before a wildcard character. (CVE-2014-2532)
- The verify_host_key function in sshconnect.c in the OpenSSH client for versions 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS checking by presenting an unacceptable HostCertificate.
SolutionA fix is available and can be downloaded from the AIX website.
To extract the fixes from the tar file :
zcat OpenSSH_188.8.131.5207.tar.Z | tar xvf -
IMPORTANT : If possible, it is recommended that an mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation :
installp -apYd . OpenSSH_184.108.40.20607
To install the fix package :
installp -aXYd . OpenSSH_220.127.116.1107