search menu icon-carat-right cmu-wordmark

CERT Coordination Center

SSH Tectia Client and Server ssh-signer local privilege escalation

Vulnerability Note VU#921339

Original Release Date: 2008-01-08 | Last Revised: 2008-01-14

Overview

The SSH Communications Security Tectia Client and Server products are vulnerable to privilege escalation, which may allow a local user to gain root access.

Description

The SSH Tectia Client and Server products contain an unspecified privilege escalation vulnerability in ssh-signer. A local user may be able to obtain root access. According to SSH Communications Security:

AFFECTED PRODUCTS
* SSH Tectia client and SSH Tectia Server 5.0, 5.1, 5.2 and 5.3 up to 5.2.3 and 5.3.5 (all Linux and Unix)

NOT AFFECTED PRODUCTS
* 4.x or older SSH Tectia client/server solution versions are NOT affected.
* Any version of SSH Tectia client/server solution for IBM mainframes is NOT affected.
* Any version of SSH Tectia client/server solution for Windows is NOT affected.

Impact

A local user may be able to obtain root access.

Solution

Apply an update

This issue is addressed in SSH Tectia Client/Server solution 5.2.4 and 5.3.6.


Remove ssh-signer

This vulnerability can be mitigated by removing the ssh-signer binary, which is located in /opt/tectia/libexec/. Note that this will disable host-based authentication of the SSH Tectia Client. This will have no adverse effect on SSH Tectia Server.

Vendor Information

921339
 

SSH Communications Security Corp Affected

Updated:  January 08, 2008

Status

Affected

Vendor Statement

Immediate work-around is to remove the ssh-signer binary which is located in /opt/tectia/libexec/.

Note that this will disable host-based authentication of the SSH Tectia Client.
This has no adverse effect on SSH Tectia Server installation.
You can also update your system to SSH Tectia client/server solution 5.2.4 or 5.3.6, which will fix the vulnerability.
Once the update has been made, you can safely use the product again.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Tuomas Siren for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-5616
Severity Metric: 2.25
Date Public: 2008-01-08
Date First Published: 2008-01-08
Date Last Updated: 2008-01-14 14:53 UTC
Document Revision: 6

Sponsored by CISA.