• info
• discussion
• exploit
• solution
• references

OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability

Solution:
NetBSD Solution:

For NetBSD-current:

If you are using the in-tree sshd(8) in /usr/sbin/sshd, upgrade the binary using source code more recent than June 14, 2001. If you are using anonymous CVS, the following steps should upgrade the binaries.
# cd src
# cvs update -d -P crypto/dist/ssh usr.bin/ssh
# cd usr.bin/ssh
# make cleandir; make obj; make dependall
# make install

For NetBSD 1.5:

If you are using the in-tree sshd(8) in /usr/sbin/sshd, upgrade the binary using source code more recent than June 25, 2001. If you are using anonymous CVS, the following steps should upgrade the binaries.
# cd src
# cvs update -d -P -r netbsd-1-5 crypto/dist/ssh usr.bin/ssh
# cd usr.bin/ssh
# make cleandir; make obj; make dependall
# make install

NetBSD 1.5.1 is not vulnerable.


OpenBSD OpenSSH 2.1.1

• OpenBSD sshcookie patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.pat ch

OpenBSD OpenSSH 2.2 .0

• OpenBSD sshcookie patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.pat ch

OpenBSD OpenSSH 2.3.1

• OpenBSD sshcookie patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.pat ch

OpenBSD OpenSSH 2.5.2

• OpenBSD sshcookie patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.pat ch

OpenBSD OpenSSH 2.9

• OpenBSD sshcookie patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.pat ch

OpenBSD OpenSSH 2.9 p1

• Caldera eServer 2.3.1 openssh-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/openssh-2.9 p2-3.i386.rpm


• Caldera eServer 2.3.1 openssh-askpass-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/openssh-ask pass-2.9p2-3.i386.rpm


• Caldera eServer 2.3.1 openssh-server-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/eServer/2.3/current/RPMS/openssh-ser ver-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Server openssh-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/op enssh-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Server openssh-askpass-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/op enssh-askpass-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Server openssh-server-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS/op enssh-server-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Workstation openssh-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RP MS/openssh-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Workstation openssh-askpass-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RP MS/openssh-askpass-2.9p2-3.i386.rpm


• Caldera OpenLinux 3.1 Workstation openssh-server-2.9p2-3.i386.rpm
  ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RP MS/openssh-server-2.9p2-3.i386.rpm