首页 -> 安全研究

安全研究

绿盟月刊
绿盟安全月刊->第29期->最新漏洞
期刊号: 类型: 关键词:
OpenSSH  'Channel'代码实现off-by-one漏洞

日期:2002-03-18

更新日期: 2002-3-8
受影响的系统:  
OpenSSH OpenSSH 3.0.2
OpenSSH OpenSSH 2.9p2
OpenSSH OpenSSH 2.9p1
OpenSSH OpenSSH 2.9.9
OpenSSH OpenSSH 2.9
OpenSSH OpenSSH 2.5.2
OpenSSH OpenSSH 2.5.1
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
OpenSSH OpenSSH 2.2
OpenSSH OpenSSH 2.1.1
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 2.0

不受影响系统:  
OpenSSH OpenSSH 3.1

描述:
--------------------------------------------------------------------------


BUGTRAQ  ID: 4241
CVE(CAN) ID: CAN-2002-0083

OpenSSH是一个对SSH协议开放源码的,免费的实现。它对所有网络通讯进行加密传输,从而避开了许多网络层的攻击,是个很有用的网络连接工具。

OpenSSH实现上存在缓冲区溢出漏洞,一个有合法登录帐号的用户可以利用此漏洞得到主机的root权限。

为了实现X11、TCP和代理转发,OpenSSH在一个TCP连接上复用多个“channel”。OpenSSH在管理“channel”的代码实现上存在一个off-by-one(偏移一个单位)漏洞,程序可能会错误地使用正常范围之外的内存数据,一个有合法登录帐号的攻击者登录到系统以后可以利用此漏洞让sshd以root权限执行任意指令。一个恶意的ssh服务器也可能利用此漏洞在用户的客户机上执行任意指令。

<*来源:Joost Pol (joost@pine.nl)
  
  链接:http://archives.neohapsis.com/archives/bugtraq/2002-03/att-0062/01-pine-cert-20020301.txt.asc
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
        http://www.linuxsecurity.com/advisories/other_advisory-1937.html
        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11
        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.10
        ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
        https://www.redhat.com/support/errata/RHSA-2002-043.html
        http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php3
                http://www.debian.org/security/2002/dsa-119
        http://www.suse.com/de/support/security/2002_009_openssh_txt.html
*>


--------------------------------------------------------------------------------
建议:

临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 此问题没有好的临时解决方法,您应该尽快升级软件。如果即使升级,您应该限制不可信用户对sshd的访问。

* 您也可以使用下列补丁:
--- channels_old.c    Mon Mar  4 02:07:06 2002
+++ channels.c    Mon Mar  4 02:07:16 2002
@@ -151,7 +151,7 @@
channel_lookup(int id)
{
     Channel *c;
-    if (id < 0 || id > channels_alloc) {
+    if (id < 0 || id >= channels_alloc) {
         log("channel_lookup: %d: bad id", id);
         return NULL;
     }

厂商补丁:

Caldera
-------
Caldera已经为此发布了一个安全公告(CSSA-2002-SCO.10)以及相应补丁:
CSSA-2002-SCO.10:OpenServer: OpenSSH channel code vulnerability
链接:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.10

补丁下载:

OpenServer:

ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/openssh-3.1p1-VOLS.tar

从上述地址将补丁下载到/tmp目录下并展开:

    # cd /tmp
    # tar xvf openssh-3.1p1-VOLS.tar

运行custom命令,指定从媒介映像中安装,将/tmp目录作为映像所在位置。

Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2002:467)以及相应补丁:
CLA-2002:467:openssh
链接:

补丁下载:


ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/openssh-3.0.2p1-1U51_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-askpass-gnome-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-clients-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openssh-server-3.0.2p1-1U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssh-3.0.2p1-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-clients-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssh-server-3.0.2p1-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssh-3.0.2p1-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-askpass-gnome-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-clients-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssh-server-3.0.2p1-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/openssh-3.0.2p1-1U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openssh-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openssh-askpass-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openssh-askpass-gnome-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openssh-clients-3.0.2p1-1U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openssh-server-3.0.2p1-1U50_2cl.i386.rpm

Debian
------
Debian已经为此发布了一个安全公告(DSA-119-1):
DSA-119-1:ssh channel bug
链接:http://www.debian.org/security/2002/dsa-119

Debian 2.2 (potato)正在使用的ssh版本为1.2.3,因此不受此漏洞影响。

EnGarde
-------
EnGarde已经为此发布了一个安全公告(ESA-20020307-007)以及相应补丁:
ESA-20020307-007:Local vulnerability in OpenSSH's channel code
链接:http://www.linuxsecurity.com/advisories/other_advisory-1937.html

补丁下载:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

补丁安装方法:

安装程序之前,主机必须是以下两种状态之一:

    a) 启到一个标准的kernel
    b) 禁用LIDS

  用以下命令禁用LIDS:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  安装更新软件:

    # rpm -Uvh <filename>

  更新LIDS的设置:

    # /usr/sbin/config_lids.pl

  开启LIDS:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  检查更新文件的签名:

    # rpm -Kv <filename>

FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-02:13)以及相应补丁:
FreeBSD-SA-02:13:OpenSSH contains exploitable off-by-one bug
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc

补丁下载:

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc

补丁安装方法:

以root身份执行以下命令:
# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:019)以及相应补丁:
MDKSA-2002:019:openssh
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php3

补丁下载:

________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1:
bc34824969b478a98a5a5a76d8be06b5  7.1/RPMS/openssh-3.0.2p1-1.7mdk.i586.rpm
429ebe6c85060b520768175f1b739743  7.1/RPMS/openssh-askpass-3.0.2p1-1.7mdk.i586.rpm
889aa64afb4602f5f170b8669b8008b0  7.1/RPMS/openssh-askpass-gnome-3.0.2p1-1.7mdk.i586.rpm
90607450de8453562bad9dbf45bb1f2d  7.1/RPMS/openssh-clients-3.0.2p1-1.7mdk.i586.rpm
333454f7b2a6b16eb67742ae93c08fce  7.1/RPMS/openssh-server-3.0.2p1-1.7mdk.i586.rpm
616f318fe1a6a4edb33f299f75916747  7.1/SRPMS/openssh-3.0.2p1-1.7mdk.src.rpm

Linux-Mandrake 7.2:
c14977e0a4b7298dd81ab19fdc88440b  7.2/RPMS/openssh-3.0.2p1-1.6mdk.i586.rpm
35a7b31ed5bda3881677daac6201ef01  7.2/RPMS/openssh-askpass-3.0.2p1-1.6mdk.i586.rpm
a3dfd2f05699e31617e5f92805efbd01  7.2/RPMS/openssh-askpass-gnome-3.0.2p1-1.6mdk.i586.rpm
2312e6704c681a217542f18114e42975  7.2/RPMS/openssh-clients-3.0.2p1-1.6mdk.i586.rpm
26486934d611183d82f51f42e24bb1da  7.2/RPMS/openssh-server-3.0.2p1-1.6mdk.i586.rpm
93d28e0b0a54ba70a8948f8d099abcbd  7.2/SRPMS/openssh-3.0.2p1-1.6mdk.src.rpm

Mandrake Linux 8.0:
0fd791ab728bfcc7fe0378b6b24f168c  8.0/RPMS/openssh-3.1p1-1.1mdk.i586.rpm
23873cfc4e6fc201fbcf4ae70c858256  8.0/RPMS/openssh-askpass-3.1p1-1.1mdk.i586.rpm
c61377a9986bd903f7f965fc21db402e  8.0/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.i586.rpm
374702df268b15ce2d33b33916fdb0b0  8.0/RPMS/openssh-clients-3.1p1-1.1mdk.i586.rpm
56f2c487ae041ef662ac45f338f5c331  8.0/RPMS/openssh-server-3.1p1-1.1mdk.i586.rpm
15e3cdabaf6685e36f2a8c92cf8c68e9  8.0/SRPMS/openssh-3.1p1-1.1mdk.src.rpm

Mandrake Linux 8.0/ppc:
6bb51cef03c8c1d6ff84ac8a46be74f4  ppc/8.0/RPMS/openssh-3.1p1-1.1mdk.ppc.rpm
b655673634b667a27e0d67a49e44dfdc  ppc/8.0/RPMS/openssh-askpass-3.1p1-1.1mdk.ppc.rpm
e1d9f17730903e3c4d046d75d84bed52  ppc/8.0/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.ppc.rpm
bf68372dfee08ecc606d4db37f559722  ppc/8.0/RPMS/openssh-clients-3.1p1-1.1mdk.ppc.rpm
3c3f67d6ed2bd85174aa9c2654f222bf  ppc/8.0/RPMS/openssh-server-3.1p1-1.1mdk.ppc.rpm
15e3cdabaf6685e36f2a8c92cf8c68e9  ppc/8.0/SRPMS/openssh-3.1p1-1.1mdk.src.rpm

Mandrake Linux 8.1:
44ff50aad9a9696ee747d201b9a3bd5f  8.1/RPMS/openssh-3.1p1-1.1mdk.i586.rpm
a8d4315ed3b5fab0e8d8f3abcae36ce7  8.1/RPMS/openssh-askpass-3.1p1-1.1mdk.i586.rpm
4df4ec7a72c4c5dbda179799738b8bd7  8.1/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.i586.rpm
a332044cf9eaeaaae0af923d55678e2b  8.1/RPMS/openssh-clients-3.1p1-1.1mdk.i586.rpm
a2a39c0c29d0c3a7660d8c58023edbe4  8.1/RPMS/openssh-server-3.1p1-1.1mdk.i586.rpm
15e3cdabaf6685e36f2a8c92cf8c68e9  8.1/SRPMS/openssh-3.1p1-1.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
f885782f2ff38dc6a49cc72a2b9d7275  ia64/8.1/RPMS/openssh-3.1p1-1.1mdk.ia64.rpm
d475cb384418532d86fbdf83833049c8  ia64/8.1/RPMS/openssh-askpass-3.1p1-1.1mdk.ia64.rpm
eedf9742b96bcc09149b27b0bcd0eec9  ia64/8.1/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.ia64.rpm
92d50a697f93113791c45f0e92afb5d8  ia64/8.1/RPMS/openssh-clients-3.1p1-1.1mdk.ia64.rpm
088704726b7b77d6bee5f16df3eeba09  ia64/8.1/RPMS/openssh-server-3.1p1-1.1mdk.ia64.rpm
15e3cdabaf6685e36f2a8c92cf8c68e9  ia64/8.1/SRPMS/openssh-3.1p1-1.1mdk.src.rpm

Corporate Server 1.0.1:
bc34824969b478a98a5a5a76d8be06b5  1.0.1/RPMS/openssh-3.0.2p1-1.7mdk.i586.rpm
429ebe6c85060b520768175f1b739743  1.0.1/RPMS/openssh-askpass-3.0.2p1-1.7mdk.i586.rpm
889aa64afb4602f5f170b8669b8008b0  1.0.1/RPMS/openssh-askpass-gnome-3.0.2p1-1.7mdk.i586.rpm
90607450de8453562bad9dbf45bb1f2d  1.0.1/RPMS/openssh-clients-3.0.2p1-1.7mdk.i586.rpm
333454f7b2a6b16eb67742ae93c08fce  1.0.1/RPMS/openssh-server-3.0.2p1-1.7mdk.i586.rpm
616f318fe1a6a4edb33f299f75916747  1.0.1/SRPMS/openssh-3.0.2p1-1.7mdk.src.rpm

Single Network Firewall 7.2:
c14977e0a4b7298dd81ab19fdc88440b  snf7.2/RPMS/openssh-3.0.2p1-1.6mdk.i586.rpm
35a7b31ed5bda3881677daac6201ef01  snf7.2/RPMS/openssh-askpass-3.0.2p1-1.6mdk.i586.rpm
a3dfd2f05699e31617e5f92805efbd01  snf7.2/RPMS/openssh-askpass-gnome-3.0.2p1-1.6mdk.i586.rpm
2312e6704c681a217542f18114e42975  snf7.2/RPMS/openssh-clients-3.0.2p1-1.6mdk.i586.rpm
26486934d611183d82f51f42e24bb1da  snf7.2/RPMS/openssh-server-3.0.2p1-1.6mdk.i586.rpm
93d28e0b0a54ba70a8948f8d099abcbd  snf7.2/SRPMS/openssh-3.0.2p1-1.6mdk.src.rpm
________________________________________________________________________


上述升级软件可以在下列地址中的任意一个镜像ftp服务器上下载:  
http://www.mandrakesecure.net/en/ftp.php

NetBSD
------
NetBSD已经为此发布了一个安全公告(NetBSD-SA2002-004)以及相应补丁:
NetBSD-SA2002-004:Off-by-one error in openssh session
链接:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc

OpenSSH
-------
目前厂商已经在3.1版的软件中修复了这个安全问题,请到厂商的主页下载:

http://www.openssh.org

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2002:043-10)以及相应补丁:
RHSA-2002:043-10:Updated openssh packages available
链接:https://www.redhat.com/support/errata/RHSA-2002-043.html

补丁下载:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/openssh-3.1p1-1.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/openssh-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssh-clients-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssh-server-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssh-askpass-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/openssh-askpass-gnome-3.1p1-1.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssh-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssh-clients-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssh-server-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-gnome-3.1p1-1.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-3.1p1-1.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/openssh-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssh-clients-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssh-server-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssh-askpass-3.1p1-1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/openssh-askpass-gnome-3.1p1-1.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-clients-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-server-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-3.1p1-1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-gnome-3.1p1-1.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-3.1p1-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-clients-3.1p1-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-server-3.1p1-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-askpass-3.1p1-1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/openssh-askpass-gnome-3.1p1-1.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssh-3.1p1-2.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-3.1p1-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-3.1p1-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-3.1p1-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-gnome-3.1p1-2.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-3.1p1-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-clients-3.1p1-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-server-3.1p1-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-3.1p1-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-2.ia64.rpm

可使用下列命令安装补丁:

rpm -Fvh [文件名]

S.u.S.E.
--------
S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2002:009)以及相应补丁:
SuSE-SA:2002:009:openssh
链接:http://www.suse.com/de/support/security/2002_009_openssh_txt.html

补丁下载:

  i386 Intel Platform:

    SuSE-7.3
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec1/openssh-2.9.9p2-98.i386.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/openssh-2.9.9p2-98.src.rpm

    SuSE-7.2
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec1/openssh-2.9.9p2-96.i386.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/openssh-2.9.9p2-96.src.rpm

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec1/openssh-2.9.9p2-98.i386.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/openssh-2.9.9p2-98.src.rpm

    SuSE-7.0
    ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.9.9p2-97.i386.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.9.9p2-97.src.rpm

    SuSE-6.4
    ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.9.9p2-94.i386.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.9.9p2-94.src.rpm



  Sparc Platform:

    SuSE-7.3
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec1/openssh-2.9.9p2-36.sparc.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/openssh-2.9.9p2-36.src.rpm

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/sec1/openssh-2.9.9p2-36.sparc.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/openssh-2.9.9p2-36.src.rpm

    SuSE-7.0
    ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.9.9p2-36.sparc.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.9.9p2-36.src.rpm

  AXP Alpha Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/sec1/openssh-2.9.9p2-39.alpha.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/openssh-2.9.9p2-39.src.rpm

    SuSE-7.0
    ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/openssh-2.9.9p2-38.alpha.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/openssh-2.9.9p2-38.src.rpm

    SuSE-6.4
    ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/openssh-2.9.9p2-37.alpha.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/openssh-2.9.9p2-37.src.rpm

  PPC Power PC Platform:

    SuSE-7.3
    ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec1/openssh-2.9.9p2-69.ppc.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/openssh-2.9.9p2-69.src.rpm

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec1/openssh-2.9.9p2-69.ppc.rpm
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/openssh-2.9.9p2-69.src.rpm

    SuSE-7.0
    ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.9.9p2-68.ppc.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.9.9p2-68.src.rpm

    SuSE-6.4
    ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.9.9p2-67.ppc.rpm
    source rpm:
    ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.9.9p2-67.src.rpm

版权所有,未经许可,不得转载