OpenSSH Private Key Authentication Check Vulnerability
BID:2356
Info
OpenSSH Private Key Authentication Check Vulnerability
| Bugtraq ID: | 2356 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2001 12:00AM |
| Updated: | Feb 08 2001 12:00AM |
| Credit: | This vulnerability was announced to Bugtraq in an OpenBSD Security Advisory on February 8, 2001. |
| Vulnerable: |
OpenBSD OpenSSH 2.3.1 |
| Not Vulnerable: | |
Discussion
OpenSSH Private Key Authentication Check Vulnerability
OpenSSH is a freely available, open source implementation of the SSH protocol. It is actively developed and maintained by the OpenSSH project.
A problem with the implementation of the software could allow users unauthorized local access. The problem affects the 2.3.1 software between the dates of January 18, 2001, and Febuary 8, 2001. The software can be configured to allow remote connection and authentication solely on the basis of public keys. However, the code that performs this action has been omitted, leaving the check for possession of the client private key unperformed. The user is automatically granted access when the check for the public key returns true.
This makes it possible for a malicious user to gain local access to a system which allows or relies entirely upon public keys for authentication. It also opens the potential for remote users to gain elevated privileges locally.
OpenSSH is a freely available, open source implementation of the SSH protocol. It is actively developed and maintained by the OpenSSH project.
A problem with the implementation of the software could allow users unauthorized local access. The problem affects the 2.3.1 software between the dates of January 18, 2001, and Febuary 8, 2001. The software can be configured to allow remote connection and authentication solely on the basis of public keys. However, the code that performs this action has been omitted, leaving the check for possession of the client private key unperformed. The user is automatically granted access when the check for the public key returns true.
This makes it possible for a malicious user to gain local access to a system which allows or relies entirely upon public keys for authentication. It also opens the potential for remote users to gain elevated privileges locally.
Exploit / POC
OpenSSH Private Key Authentication Check Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
OpenSSH Private Key Authentication Check Vulnerability
Solution:
Upgrade available:
OpenBSD OpenSSH 2.3.1
Solution:
Upgrade available:
OpenBSD OpenSSH 2.3.1
-
OpenBSD OpenSSH 2.3.2
http://www.openssh.com/
References
OpenSSH Private Key Authentication Check Vulnerability
References:
References: