-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Wed May 21 11:27:51 CDT 2008 =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: AIX OpenSSH multiple vulnerabilities PLATFORMS: AIX 5.2, 5.3, 6.1 SOLUTION: Apply the fix as described below. THREAT: See below CERT VU Number: n/a CVE Numbers: CVE-2008-1657 CVE-2008-1483 =============================================================================== DETAILED INFORMATION I. DESCRIPTION CVE-2008-1483: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. CVE-2008-1657: OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. II. PLATFORM VULNERABILITY ASSESSMENT To determine if your system is vulnerable, execute the following command: lslpp -L openssh.base.server The following fileset levels are vulnerable: AIX 6.1: all versions less than 4.7.0.5301 AIX 5.3: all versions less than 4.7.0.5301 AIX 5.2: all versions less than 4.7.0.5201 III. FIXES A fix is available, and it can be downloaded from: AIX 5.2: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5201.tar.Z AIX 5.3: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5301.tar.Z AIX 6.1: http://downloads.sourceforge.net/openssh-aix/openssh-4.7_5301aix61.tar.Z IV. WORKAROUNDS There are no workarounds. V. CONTACT INFORMATION If you would like to receive AIX Security Advisories via email, please visit: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd Comments regarding the content of this announcement can be directed to: security-alert@austin.ibm.com To request the PGP public key that can be used to communicate securely with the AIX Security Team you can either: A. Send an email with "get key" in the subject line to: security-alert@austin.ibm.com B. Download the key from a PGP Public Key Server. The key ID is: 0xADA6EB4D Please contact your local IBM AIX support center for any assistance. eServer is a trademark of International Business Machines Corporation. IBM, AIX and pSeries are registered trademarks of International Business Machines Corporation. All other trademarks are property of their respective holders. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (AIX) iD8DBQFINFL9P9Qud62m600RAs7LAJ900av+ZmOGM4nmecQ2K8ka4UI7TQCfTIcj VyhoKJrbwhRpVAuM7t2OGR8= =Q3YI -----END PGP SIGNATURE-----