OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability

Solution:
NetBSD Solution:

For NetBSD-current:

If you are using the in-tree sshd(8) in /usr/sbin/sshd, upgrade the binary using source code more recent than June 14, 2001. If you are using anonymous CVS, the following steps should upgrade the binaries.
# cd src
# cvs update -d -P crypto/dist/ssh usr.bin/ssh
# cd usr.bin/ssh
# make cleandir; make obj; make dependall
# make install

For NetBSD 1.5:

If you are using the in-tree sshd(8) in /usr/sbin/sshd, upgrade the binary using source code more recent than June 25, 2001. If you are using anonymous CVS, the following steps should upgrade the binaries.
# cd src
# cvs update -d -P -r netbsd-1-5 crypto/dist/ssh usr.bin/ssh
# cd usr.bin/ssh
# make cleandir; make obj; make dependall
# make install

NetBSD 1.5.1 is not vulnerable.


OpenBSD OpenSSH 2.1.1

OpenBSD OpenSSH 2.2 .0

OpenBSD OpenSSH 2.3.1

OpenBSD OpenSSH 2.5.2

OpenBSD OpenSSH 2.9

OpenBSD OpenSSH 2.9 p1


 

Privacy Statement
Copyright 2010, SecurityFocus