HP-UX Secure Shell A.04.30.014 and A.04.30.015 Release Notes, Nov 2006
Defects Fixed in OpenSSH 4.3p2
HP-UX Secure Shell versions A.04.30.014 and A.04.30.015 are based on
OpenSSH 4.3p2. The defect fixes in OpenSSH 4.3p2 are also available
in HP-UX Secure Shell A.04.30.014 and A.04.30.015. Table 2 lists the
defects fixed in OpenSSH 4.3p2.
Table 2 Defects Fixed in OpenSSH 4.3p2

Identifier       Description

Bugzilla #1094   The scp command (similar to rcp) invokes a subshell to
                 perform local-to-local and remote-to-remote copy
                 operations. This subshell exposes file names to shell
                 expansion twice, thereby allowing a local attacker to
                 create file names containing shell metacharacters. If
                 these metacharacters are matched by a wildcard, attackers
                 can execute their own commands with the same privileges
                 as the user executing the scp command.

Bugzilla #1064   The ssh-keygen tool now generates an SSH-2 protocol RSA
                 key when invoked without arguments.

Bugzilla #975    Fixed the timing difference between valid and invalid
                 accounts while attempting Kerberos authentication,
                 thereby closing a potential point of vulnerability.

Bugzilla #1028   In PAM-based authentication, when there are “n” password
                 prompts and the final password prompt fails, HP-UX
                 Secure Shell exits without generating an “authentication
                 failed” message. In addition, HP-UX Secure Shell does not
                 forward the final password failure message to the client.

Bugzilla #1076   Set SO_REUSEADDR on X11 listeners to avoid problems
                 caused by lingering messages on the same port (caused by
                 a previous instance of the same listener daemon).

Bugzilla #1082   The xauth list invocation has a bogus "." argument.
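
The defect class behind Bugzilla #1094, as an added illustration that is not code from OpenSSH or HP-UX Secure Shell: a copy command assembled as a string and run by a subshell is parsed a second time, while the same names passed as an argument vector are not. The function names, the /tmp paths and the sample file are assumptions; a space in the name stands in for any character the shell treats specially.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Before (illustrative): the command is one string run by /bin/sh, so the
 * file name is parsed by a shell a second time. */
int copy_via_shell(const char *src, const char *dst) {
    char cmd[1024];
    snprintf(cmd, sizeof cmd, "cp %s %s", src, dst);
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* After (illustrative): each name is its own argv entry; no shell sees it. */
int copy_via_exec(const char *src, const char *dst) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("cp", "cp", src, dst, (char *)NULL);
        _exit(127);                         /* exec itself failed */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Copies a constructed file whose name contains a space. Returns 1 if the
 * destination exists afterwards, 0 if not, -1 on setup failure. */
int demo(int use_shell) {
    char dir[64], src[128], dst[128];
    snprintf(dir, sizeof dir, "/tmp/scpdemo.%ld.%d", (long)getpid(), use_shell);
    if (mkdir(dir, 0700) != 0) return -1;   /* refuses a pre-existing name */
    snprintf(src, sizeof src, "%s/two words.txt", dir);
    snprintf(dst, sizeof dst, "%s/copy.txt", dir);
    FILE *f = fopen(src, "w");
    if (!f) { rmdir(dir); return -1; }
    fputs("constructed sample\n", f); fclose(f);
    if (use_shell) copy_via_shell(src, dst); else copy_via_exec(src, dst);
    int ok = (access(dst, F_OK) == 0);
    unlink(src); unlink(dst); rmdir(dir);
    return ok;
}

int main(void) {
    printf("shell string copied=%d, argv exec copied=%d\n", demo(1), demo(0));
    return 0;
}
```

In the string form the subshell splits the name into two operands and cp fails; in the argument-vector form the name reaches cp unchanged.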