USN-209-1: SSH server vulnerability

18 October 2005

openssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user.

Please note that this does not affect the default configuration of the SSH server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
openssh-server
Ubuntu 4.10
openssh-server

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References