Thread: OpenSSH Vulnerability Issue

  1. #1

    OpenSSH Vulnerability Issue

    Hello All -


    During a security scan on one of my Ubuntu 10.04 servers, a vulnerability was reported. The report mentions that it is due to the version of OpenSSH (ver. 5.3) that comes with the above Ubuntu Server. The vulnerability details are given below:


    Level: Critical

    OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.


    Questions
    ==========
    #1) I'm not sure if the vulnerability is applicable to the version I'm using, even though the scan has flagged it and recommended I upgrade to OpenSSH 5.9.

    #2) To test out the procedure, just in case my client insists, I did a test upgrade on one of my other servers. Below is the sequence of steps that I used; please kindly let me know if you see that I'm missing something.

    Code:
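    # Back up the current SSH files first
    sudo cp -r ~/.ssh ~/backup/

    cd /usr/local

    sudo wget http://ftp5.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-5.9p1.tar.gz

    # Unpack the tarball and enter the source tree before configuring
    sudo tar -xzf openssh-5.9p1.tar.gz
    cd openssh-5.9p1

    # Built without --with-pam; sudo is needed because the tree under /usr/local is root-owned
    sudo ./configure --with-kerberos5 --with-md5-passwords
    sudo make

    sudo make install

    The above sequence of steps upgraded my ssh server to 5.9. Not sure if that is all I need, or whether I have to do anything else.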

    Any replies or suggestions are much appreciated.

    Thanks,
    Sanjay.
    Last edited by sanjaymk; March 14th, 2012 at 04:18 AM.
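
An added example, not part of the original post: a check of an OpenSSH version banner against the range quoted in the scan report above (4.4 up to, but not including, 4.9). The function names and the sample banners in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: does an OpenSSH banner fall inside the range the scan
# report quotes (4.4 <= version < 4.9)? Banners shown here are constructed.

# Print "MAJOR MINOR" for a banner such as "OpenSSH_5.3p1 Example-1" or
# "SSH-2.0-OpenSSH_4.7p1"; print nothing if no OpenSSH version is present.
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Print "affected", "not-affected" or "unknown" for the given banner.
forcecommand_range_check() {
    ver=$(parse_openssh_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # Compare as one integer so the portable suffix (p1) and multi-digit
    # minor versions do not break an ordinary string comparison.
    n=$((major * 100 + minor))
    if [ "$n" -ge 404 ] && [ "$n" -lt 409 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# When run with an argument, classify that banner, for example:
#   sh check.sh "$(ssh -V 2>&1)"
if [ "$#" -gt 0 ]; then
    forcecommand_range_check "$1"
fi
```

The result reflects only the version string; it says nothing about how sshd is configured.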

  2. #2

    Re: OpenSSH Vulnerability Issue

    What did you use to run your security scan?
