Debian Security Advisory DSA 134-1 (ssh)

Published: 2008-01-17 21:24:46
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:


Technical Details:
Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3. This version was released 3 days ago and introduced a new feature to reduce the effect of exploits in the network handling code called privilege separation. Unfortunately this release has a few known problems: compression does not work on all operating systems since the code relies on specific mmap features, and the PAM support has not been completed. There may be other problems as well. The new privilege separation support from Niels Provos changes ssh to use a separate non-privileged process to handle most of the work. This means any vulnerability in this part of OpenSSH can never lead to a root compromise but only to access to a separate account restricted to a chroot. Theo made it very clear this new version does not fix the vulnerability, instead by using the new privilege separation code it merely reduces the risk since the attacker can only gain access to a special account restricted in a chroot. Since details of the problem have not been released we were forced to move to the latest release of OpenSSH portable, version 3.3p1. Due to the short time frame we have had we have not been able to update the ssh Linux Distribution Package for Debian GNU/Linux 2.2 / potato yet. Packages for the upcoming 3.0 release (woody) are available for most architectures. Please note that we have not had the time to do proper QA on these Linux Distribution Packages they might contain bugs or break things unexpectedly. If you notice any such problems please file a bug-report so we can investigate. This Linux Distribution Package introduce a new account called `sshd' that is used in the privilege separation code. If no sshd account exists the Linux Distribution Package will try to create one. If the account already exists it will be re-used. If you do not want this to happen you will have to fix this manually.

The remote host is missing an update to ssh announced via advisory DSA 134-1.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

CVSS Score
Debian Local Security Checks

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.


Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requeriments of the platform to ensure a good performance.

No, you can add as many assest as you want. It doesn't matters if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software, in fact - it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.

I am ready to start scanning for vulnerabilities