HP-UX Secure Shell A.04.30.006 and A.04.30.007 Release Notes

Chapter 11
Defects Fixed in OpenSSH 4.3p2
HP-UX Secure Shell versions A.04.30.006 and A.04.30.007 are based on
OpenSSH 4.3p2, so the defect fixes made in OpenSSH 4.3p2 are also present in
these two HP-UX Secure Shell versions. Table 2 lists the defects fixed in
OpenSSH 4.3p2.
Table 2 Defect Fixes in HP-UX Secure Shell A.04.30.006 and A.04.30.007

Identifier      Description

Bugzilla #1094  The scp command (like rcp) invokes a subshell to perform
                local-to-local and remote-to-remote copy operations. The
                file names handed to that subshell have already been
                expanded once by the invoking shell, so they are exposed to
                shell expansion a second time. A local attacker who can
                create a file whose name contains shell metacharacters can
                therefore have commands of his choosing executed, with the
                privileges of the user running scp, whenever that user's
                wildcard argument matches the crafted file name.

Bugzilla #1064  ssh-keygen now generates an SSH protocol 2 RSA key when
                invoked without arguments.

Bugzilla #975   Fixed the timing difference between valid and invalid
                accounts when attempting Kerberos authentication, closing a
                timing side channel that could be used to determine whether
                an account name was valid.

Bugzilla #1028  In PAM-based authentication, when a PAM module issued "n"
                password prompts and the final prompt failed, HP-UX Secure
                Shell exited without logging an "authentication failed"
                message and did not send the final password failure message
                to the client. This defect has been fixed.
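The double expansion behind Bugzilla #1094 is easy to reproduce outside scp. The following is an added example, not OpenSSH or HP-UX Secure Shell code: a stand-in for scp's local-to-local path that pastes already-expanded file names into a command string for /bin/sh (vulnerable), next to two hardened forms, one that escapes each argument before it reaches the shell (the approach the upstream fix takes) and one that avoids the shell altogether. The scratch directory, the file name "x;touch INJECTED;" and the helper names are constructed for the demonstration; it needs a POSIX sh, cp and touch.

```python
"""Added example for Bugzilla #1094: file names expanded twice.

Not OpenSSH code. local_copy_vulnerable() mimics the defective scp path;
local_copy_quoted() and local_copy_argv() show two fixes.
"""
import fnmatch
import os
import shlex
import subprocess
import tempfile


def expand_once(pattern: str, cwd: str) -> list:
    """First expansion: what the user's interactive shell does with a
    wildcard before scp ever sees the names."""
    return sorted(fnmatch.filter(os.listdir(cwd), pattern))


def local_copy_vulnerable(pattern: str, dest: str, cwd: str) -> None:
    """Defective pattern: the already-expanded names are joined unquoted
    into a command string, so /bin/sh parses them a second time and any
    metacharacters in a file name become live shell syntax."""
    files = expand_once(pattern, cwd)
    cmd = "cp " + " ".join(files) + " " + dest
    # stderr is discarded only to keep the demo quiet; cp's own errors
    # do not stop the shell from running the injected command.
    subprocess.run(cmd, shell=True, cwd=cwd, stderr=subprocess.DEVNULL)


def local_copy_quoted(pattern: str, dest: str, cwd: str) -> None:
    """Fix 1 (what the upstream change does in spirit): escape every
    argument so the second shell sees each name as a single literal word."""
    files = expand_once(pattern, cwd)
    cmd = "cp -- " + " ".join(shlex.quote(f) for f in files) + " " + shlex.quote(dest)
    subprocess.run(cmd, shell=True, cwd=cwd, check=True)


def local_copy_argv(pattern: str, dest: str, cwd: str) -> None:
    """Fix 2 (preferred): no subshell at all; pass argv directly so there
    is no second expansion to attack. '--' also stops names beginning
    with '-' from being read as cp options."""
    files = expand_once(pattern, cwd)
    subprocess.run(["cp", "--", *files, dest], cwd=cwd, check=True)


def demonstrate(copy_fn) -> dict:
    """Run copy_fn in a scratch directory that contains one attacker-created
    file name (constructed here) and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        evil = "x;touch INJECTED;"          # constructed attacker-chosen name
        open(os.path.join(d, evil), "w").close()
        os.mkdir(os.path.join(d, "dest"))
        copy_fn("x*", "dest", d)            # victim copies 'x*' into dest/
        return {
            "injected_command_ran": os.path.exists(os.path.join(d, "INJECTED")),
            "file_copied": os.path.exists(os.path.join(d, "dest", evil)),
        }


if __name__ == "__main__":
    for fn in (local_copy_vulnerable, local_copy_quoted, local_copy_argv):
        print(fn.__name__, demonstrate(fn))
```

With the vulnerable helper the shell runs "cp x", then "touch INJECTED", then "dest": the injected command executes with the caller's privileges and nothing is copied. Both hardened helpers copy the oddly named file and run nothing else; the argv form is the one to reach for in new code, since quoting only helps while every code path remembers to do it.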