Security hole in ssh

Support knowledgebase (ssh_advis)

The program ssh-agent is vulnerable to security attacks on Unix platforms. This vulnerability affects all free versions of SSH up to version 1.2.21 as well as the commercial versions from F-Secure prior to version 1.3.3.

The vulnerability makes it possible for a local user to gain access to the private RSA keys of another user who uses ssh-agent to manage his private keys. That local user can then use these keys to connect to other machines under the identity of the other user.

You can obtain an updated copy of the ssh package from our ftp-server: ftp://ftp.suse.com/pub/suse/i386/update/suse51/n1/ssh/ssh.rpm

The original CERT-Advisory can be obtained from the following URL: http://www.secnet.com/sni-advisories/sni-23.ssh.agent.advisory.html


Keywords: SSH, NETWORK

Categories: Network

SDB-ssh_advis, Copyright SuSE Linux AG, Nürnberg, Germany - Version: 23. Jul 2002 13:54:17