January 9, 2008
Security Advisory: Local Privilege Vulnerability
CERT reference number VU#921339
http://www.kb.cert.org/vuls/id/921339
In our ongoing internal quality assurance, which is also performed continuously for generally available releases, we have found an issue affecting SSH Tectia client/server solution 5.0.0 and later. This issue can create a vulnerability on systems that have an SSH Tectia Client or SSH Tectia Server package installed on Unix/Linux.
DESCRIPTION
A malicious local user can cause a local privilege escalation by exploiting a vulnerability in a software component. Exploitation requires local shell access. This is NOT exploitable remotely.
AFFECTED PRODUCTS
- SSH Tectia Client and SSH Tectia Server 5.0.x and 5.1.x (all versions for Linux and Unix)
- SSH Tectia Client and SSH Tectia Server 5.2.0 - 5.2.3 (all versions for Linux and Unix)
- SSH Tectia Client and SSH Tectia Server 5.3.0 - 5.3.5 (all versions for Linux and Unix)
PRODUCTS NOT AFFECTED
- 4.x or older SSH Tectia client/server solution versions are NOT affected.
- Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
- Any version of SSH Tectia client/server solution for Windows is NOT affected.
FIX / WORK-AROUND
An immediate work-around is to remove the ssh-signer binary, located in /opt/tectia/libexec/. Note that this disables host-based authentication for SSH Tectia Client; it has no adverse effects on the SSH Tectia Server installation.
You can also update your system to SSH Tectia client/server solution 5.2.4 or 5.3.7, which fixes the vulnerability. Once the update has been installed, you can safely use the product again. (Please note that version 5.3.6 also included the fix for this vulnerability.)
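The following audit helper is an added example, not part of the advisory or of the SSH Tectia product: it checks a version string against the affected ranges listed above and reports whether the ssh-signer work-around is in place. The path /opt/tectia/libexec/ssh-signer comes from the advisory; how you obtain the installed version string is an assumption (it is passed as the first argument).

```shell
#!/bin/sh
# Added audit helper (not from the advisory). Affected ranges, per the
# advisory: 5.0.x, 5.1.x, 5.2.0-5.2.3, 5.3.0-5.3.5 on Unix/Linux.

# tectia_affected MAJOR.MINOR[.PATCH] -> exit 0 if affected, 1 if not
tectia_affected() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # patch component is optional; "x" or a missing patch means "any"
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    patch=${patch%%[!0-9]*}          # drop non-numeric suffixes such as "x"
    [ -z "$patch" ] && patch=0
    # 4.x and older are not affected; nothing above 5.x is listed
    [ "$major" -eq 5 ] 2>/dev/null || return 1
    case "$minor" in
        0|1) return 0 ;;                        # 5.0.x and 5.1.x: all affected
        2)   [ "$patch" -le 3 ] && return 0 ;;  # 5.2.0 - 5.2.3
        3)   [ "$patch" -le 5 ] && return 0 ;;  # 5.3.0 - 5.3.5
    esac
    return 1
}

# signer_workaround_status [PATH] -> exit 0 if ssh-signer is absent
# (work-around applied, host-based client auth disabled), 1 if present.
signer_workaround_status() {
    signer=${1:-/opt/tectia/libexec/ssh-signer}
    if [ -e "$signer" ]; then
        echo "$signer present: host-based authentication still enabled"
        return 1
    fi
    echo "$signer absent: work-around applied (host-based auth disabled)"
    return 0
}

# Usage: sh tectia_check.sh 5.3.2   (the version string is supplied by you)
if [ $# -eq 1 ]; then
    if tectia_affected "$1"; then
        echo "version $1: AFFECTED, update to 5.2.4 or 5.3.7"
    else
        echo "version $1: not in the affected ranges"
    fi
    signer_workaround_status
fi
```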
UPDATING SSH TECTIA CLIENT AND SSH TECTIA SERVER
If you are a Maintenance Customer, you can download the installation packages from SSH Customer Download Center at https://downloads.ssh.com. The products provided here include valid license files.
Alternatively, if you already have a valid SSH Tectia client/server solution 5.2 or 5.3 license file, you can get the update package (without the license files) for this product from http://www.ssh.com/support/downloads/, which requires no username or password for downloading.
SSH Communications Security apologizes for any inconvenience that this vulnerability may have caused. We take the security of our customers' systems very seriously and do our utmost to provide secure software with minimum defects. We strongly urge all customers to consider the implications of this vulnerability carefully and to make an educated decision on whether or not to update.
SSH Corp. Contact
George Adams
SSH Communications Security Corp.
Tel: +1 781 247 2100
E-mail:
Americas Contact
Byron Rashed
SSH Communications Security, Inc.
Tel: +1 650 251 2721
E-mail:
Europe Contact
Bo Sorensen
SSH Communications Security Corp.
Tel: +358 20 500 7404
E-mail:
Investor Relations
Mika Peuranen
SSH Communications Security Corp.
Tel: +358 20 500 7419
E-mail:
U.S. Agency Contact
Cheryl Taylor
Walt & Company
Tel: +1 408 496 0900 x 2981
E-mail:
Shiho Hashimoto
SSH Communications Security Corp.
Tel: +358 20 500 7470
E-mail:
