openssh-5.3p1-122.AXS4
エラータID: AXSA:2017-1374:01
リリース日:
2017/03/22 Wednesday - 23:13
題名:
openssh-5.3p1-122.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSH の sshd の session.c の do_setup_env 関数は,UseLogin 機
能が有効,かつユーザのホームディレクトリの .pam_environment ファイル
を読み込むように PAM が設定されている場合,/bin/login プログラムの巧
妙に細工された環境によって,ローカルのユーザが権限を得る脆弱性があり
ます。(CVE-2015-8325)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2015-8325
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
追加情報:
N/A
ダウンロード:
SRPMS
- openssh-5.3p1-122.AXS4.src.rpm
MD5: 86498ac2e2964011e72c04392af8e771
SHA-256: 176501412d2ae496313e9703f8fe7650486cc3d09bd925f69495a12c8c9f5221
Size: 1.47 MB
Asianux Server 4 for x86
- openssh-5.3p1-122.AXS4.i686.rpm
MD5: 65bf206c730be06e98af79cb97b50f09
SHA-256: 596a6ce4b42d9bf13a06deb95da1750f8011dca983b7cb8d8aa2df6d0e664d32
Size: 278.89 kB - openssh-askpass-5.3p1-122.AXS4.i686.rpm
MD5: c8af516669bbac67ce95d545c788091f
SHA-256: b96b9ea7a96f321a97427d5238d9a43cb977dd12f16e3131fd581e824735491f
Size: 60.40 kB - openssh-clients-5.3p1-122.AXS4.i686.rpm
MD5: 7d1aa54d34b930eccced95a47b2f1e28
SHA-256: 6f010dba580e2dc4021d9ed9bcd30aff8e057919c7eafc7823075ddca9d02ebc
Size: 449.59 kB - openssh-server-5.3p1-122.AXS4.i686.rpm
MD5: 2f3fda2b386dc83785b26efbbfece577
SHA-256: 485f94c39edc553a399cc3329061819bb172a0d11e35da294236c7c1f3d1f23f
Size: 327.04 kB
Asianux Server 4 for x86_64
- openssh-5.3p1-122.AXS4.x86_64.rpm
MD5: dca1fc06e62f665ebb0b19ae67f07f61
SHA-256: 70973c74f3fd23a475d21543747bbe5d4a43004e6c1e36be7d25896855f7bd7b
Size: 276.41 kB - openssh-askpass-5.3p1-122.AXS4.x86_64.rpm
MD5: 947481c7633345118f968553f4f6cf07
SHA-256: 099f2762f4efbf75405384a20ec76117d69ed3d9ef42f1137fc2a8c2994c1517
Size: 60.13 kB - openssh-clients-5.3p1-122.AXS4.x86_64.rpm
MD5: eaea28b250d5b2fdfd1852cbd0ae4ece
SHA-256: 83459cd22a3c5ec93c29b4fc017c749ac99e58778a9d7151f842c7a01984cc89
Size: 442.52 kB - openssh-server-5.3p1-122.AXS4.x86_64.rpm
MD5: 2b7e8ee4b8cf992a8a0eb8e92ecfe93a
SHA-256: 87c9ced2842a087fc41d2379d3b1a3eaa399938c6ee401016ac6e1902c253f34
Size: 327.84 kB