SSH1 SSH Daemon Logging Failure Vulnerability

Solution:
Patch supplied by Jose Nazario <jose@crimelabs.net> :

--- ssh-1.2.30/sshd.c.orig Wed Jan 31 12:11:08 2001
+++ ssh-1.2.30/sshd.c Wed Jan 31 12:57:36 2001
@@ -2408,7 +2408,7 @@
remote_user_name = client_user;
break;
}
- debug("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
+ log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
user, client_user, get_canonical_hostname());
xfree(client_user);
break;
@@ -2469,7 +2469,7 @@
mpz_clear(&client_host_key_n);
break;
}
- debug("RhostsRSA authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
+ log_msg("RhostsRSA authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
user, client_user, get_canonical_hostname());
xfree(client_user);
mpz_clear(&client_host_key_e);
@@ -2500,7 +2500,7 @@
break;
}
mpz_clear(&n);
- debug("RSA authentication for %.100s failed.", user);
+ log_msg("RSA authentication for %.100s failed.", user);
}
break;

@@ -2633,7 +2633,7 @@
authenticated = 1;
break;
} else {
- debug("TIS authentication for %.100s failed",user);
+ log_msg("TIS authentication for %.100s failed",user);
memset(password, 0, strlen(password));
xfree(password);
break;
@@ -2672,7 +2672,7 @@
if (password_attempts > 0)
{
/* Log failures if attempted more than once. */
- debug("Password authentication failed for user %.100s from %.100s.",
+ log_msg("Password authentication failed for user %.100s from %.100s.",

user, get_canonical_hostname());
}
password_attempts++;
@@ -2693,7 +2693,7 @@
authenticated = 1;
break;
}
- debug("Password authentication for %.100s failed.", user);
+ log_msg("Password authentication for %.100s failed.", user);
memset(password, 0, strlen(password));
xfree(password);
break;


SSH Communications Security SSH 1.2.30


 

Privacy Statement
Copyright 2010, SecurityFocus