SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability

Bugtraq ID:	1426
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Jul 05 2000 12:00AM
Updated:	Jul 05 2000 12:00AM
Credit:	This vulnerability was posted to the Bugtraq mailing list on July 5, 2000 by Richard E. Silverman <[email protected]>
Vulnerable:	SSH Communications Security SSH 1.2.27 - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - Debian Linux 2.2
Not Vulnerable:	SSH Communications Security SSH 1.2.30 - BSDI BSD/OS 4.0.1 - BSDI BSD/OS 4.0 - BSDI BSD/OS 3.1 - Caldera OpenLinux 2.4 - Debian Linux 2.2 - Digital (Compaq) TRU64/DIGITAL UNIX 5.0 - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g - FreeBSD FreeBSD 4.2 - FreeBSD FreeBSD 3.5.1 - HP HP-UX 11.11 - HP HP-UX 11.0 - HP HP-UX 10.20 - IBM AIX 4.3.3 - IBM AIX 4.3.2 - IBM AIX 4.3.1 - Mandriva Linux Mandrake 7.2 - Mandriva Linux Mandrake 7.1 - Mandriva Linux Mandrake 7.0 - OpenBSD OpenBSD 2.8 - Redhat Linux 7.0 - Redhat Linux 6.2 - SCO eDesktop 2.4 - SCO eServer 2.3.1 - Sun Solaris 2.5.1 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 - SuSE Linux 7.0 - SuSE Linux 6.4 SSH Communications Security SSH 1.2.29 SSH Communications Security SSH 1.2.28

SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability

See discussion for exploit information.

SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability

Solution:
This vulnerability is fixed in versions of SSH 1.2 after 1.2.27. At the time of writing, this includes 1.2.28, 1.2.29 and 1.2.30.


SSH Communications Security SSH 1.2.27

• SSH Communications ssh 1.2.30
  http://www.ssh.com