SuSE Support Database

Title: Security hole in ssh

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents
Deutsch
---

Security hole in ssh

The program ssh-agent is vulnerable to security attacks on Unix platforms. This vulnerability affects all free versions of SSH up to version 1.2.21 as well as the commercial versions from F-Secure prior to version 1.3.3.

The vulnerabilty makes it possible for a local user to get access to the private RSA-Keys of another user using ssh-agent to manage his private keys. He can then use these keys to connect to other machines using the identity of the other user.

You can obtain an updated copy of the ssh package from our ftp-server: ftp://ftp.suse.com/pub/suse_update/suse51/n1/ssh/ssh.rpm

The original CERT-Advisory can be obtained from the following URL: http://www.secnet.com/sni-advisories/sni-23.ssh.agent.advisory.html

---

Keywords: SSH, NETWORK

---

Categories: Network

---

Mainpage ---- Searchform ---- History ---- Versions ---- Categories ---- Contents
Deutsch
---

SDB-ssh_advis, Copyright SuSE GmbH, Nuremberg, Germany - Version:
Impressum - Last generated: 24. Feb 1999 15:24:40 by maddin with sdb_gen 1.00.0