Patch-ID# 113273-12

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security sshd sftp-server integer overflow pam keyboard interactive
Synopsis: SunOS 5.9: /usr/lib/ssh/sshd Patch
Date: Nov/15/2006

Install Requirements: Reconfigure immediately after patch is installed
                      Install in Single User Mode

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114858

Topic: SunOS 5.9: /usr/lib/ssh/sshd Patch

Relevant Architectures: sparc

BugId's fixed with this patch:
    4406914 4452339 4614979 4621219 4635546 4680230 4707788 4708590
    4708846 4709475 4710108 4710111 4711335 4713097 4713592 4714596
    4718590 4719654 4720595 4725702 4733532 4740969 4750989 4759759
    4777436 4784872 4799122 4801044 4811575 4816590 4828467 4837140
    4841566 4857179 4860120 4862449 4895076 4923312 4924554 4925970
    4926391 4926624 4928964 4939055 4964839 4966521 4967674 4969306
    4971630 4971810 4975057 4976155 4976745 4977574 4982991 4990122
    5002100 5005870 5006469 5006690 5006695 5006762 5012765 5013640
    5014180 5014600 5014946 5014951 5014969 5019044 5020325 5021347
    5022903 5023074 5025296 5036242 5039669 5048145 5048596 5049660
    5054240 5054835 5055703 5058293 5060425 5060548 5060618 5062508
    5063375 5066767 5076804 5080828 5082282 5083048 5083197 5087792
    5088670 5090324 5094142 5094528 5109225 5109404 5109487 5109496
    6176256 6181680 6182695 6185726

Changes incorporated in this version: 5080828

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 112908-24 (or greater)

Obsoleted by:

Files included with this patch:

/etc/init.d/sshd
/etc/rc0.d/K03sshd
/etc/rc1.d/K03sshd
/etc/rc2.d/K03sshd
/etc/rc3.d/S89sshd
/etc/rcS.d/K03sshd
/etc/ssh/moduli
/etc/ssh/sshd_config
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-http-proxy-connect
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/ssh-socks5-proxy-connect
/usr/lib/ssh/sshd

Problem Description:

5080828 sshd's default SUPATH = PATH = /usr/bin when SUPATH not set in dflt login

(from 113273-11)

6176256 S9 ssh backporting project
4406914 Support draft-ietf-secsh-dh-group-exchange-01.txt
4452339 key_fingerprint needs to support md5/sha/bubblebabble output
4614979 ssh connections break after the rekey interval elapses on
4621219 sftp prints incorrect error message if connection refused
4635546 superfluous IP options check in ssh should be removed
4680230 usr/src/cmd/ssh/ssh Makefile needs to have lib dependencies
4707788 implement ClientAlive on the server side
4708846 vis in libopenbsd-compat has I18N problem.
4709475 ssh and ssh-keygen: not extracted messages for localization
4710108 sshd: locale environments are not passed to shells.
4710111 ssh-agent: strings 'echo' should not be extracted for localization.
4711335 sshd V1 authentication behaves poorly for invalid users
4713097 sftp: word 'abormally' should be 'abnormally'
4713592 ssh & friends print incorrect error message if server breaks connection at login
4714596 Request for filename option in sftp commandline
4719654 ssh: localized messages should be extracted per sentence.
4720595 ssh-keygen does not finish with dsa key
4733532 scp leaves connection open
4740969 cli_write() in libssh.a has a memory leak
4750989 expired passwords not working with KbdInteractiveAuthentication yes
4759759 ssh(1) doesn't terminate proxy commands on exit
4777436 ssh client should ignore signals which are already ignored
4784872 locales != RFC-1766 language tags
4799122 ssh doesn't use getopt(3c) (concatenated options don't work)
4811575 ssh-keygen list fails on long public key entries (base64 encoding > 1024b)
4816590 SSH in Solaris 9 don't forward the X11 session from 3-party software
4828467 sftp client sends directory path that causes windows interop problems
4837140 SSHD sets bogus fixed path and ignores /etc/default/login
4841566 ksh limits ssh/Xauth using -X option with uid's 99 or less
4857179 SSH and Password expiry do not work.
4862449 SUNWssh needs a resync
4924554 Resynced SSH cores after connect from Solaris 9 client with mixed locale setting
4925970 sshd logging extra warning messages on console
4926391 fatal_remove_cleanup() should not fatal()
4926624 ssh exits with -1 if stdin is not a terminal
4928964 sshd breaks finger
4964839 SUNWsshdr needs to remove CheckMail from sshd_config
4966521 sshd core dumps/drops connection if server has many locales
4967674 sshd sets LC_ALL and LANG to strange values
4969306 sshd dumps core on root login
4971630 ssh attempts to do exit(-1) arbitrarily when not using ptys
4971810 fix for 4406914 is incomplete - /etc/ssh/moduli is missing
4975057 ssh got smarter about proxy commands, but not enough: always prepends "exec "
4976155 ssh crashes with SEGV when connecting to Sun_SSH_1.1 (in iso_8859_1)
4976745 sshd has a small malloc problem.
4977574 sshd dumps core when some clients connect
4982991 Please enter user name: prompt doesn't go away quickly enough.
4990122 sshd has a(nother) malloc problem.
5002100 ssh displays wrong (useless) 'Last login' date and time
5005870 sshd setsockopt SO_KEEPALIVE Invalid argument error
5006690 sshd does not pass PAM environment variables to its children
5006695 SUNWssh should support GSS-API extensions to SSHv2 (PSARC 2003/778)
5006762 sshd(1M) does not support optimistic key exchange (SSHv2)
5012765 sshd(1M) should do something about privileges (PSARC 2004/677)
5013640 sshd core dumps while trying to log messages, take 2
5014180 SSH should keep /dev/random open
5014600 ssh-add cores if the agent socket could not be opened
5014969 default X11Forwarding to yes in sshd_config (PSARC 2004/011)
5019044 sshd(1M) lets libgss spew on stderr on startup about unconfigured mechs
5020325 sftp: 'get *' coredumps
5021347 ssh commands link with -ldl, shouldn't (-z ignore masked this)
5022903 ssh(1) should support send-break extension
5023074 SUNWsshdr: /etc/ssh is not a valid temp directory during install
5025296 sshd should use closefrom() instead of a 3-to-64 close() loop
5036242 sshd(1M) should workaround KEXGSS_HOSTKEY bug in MacOS ssh(1) w/ GSS
5048596 ssh(1) hostbased authentication should try all client host keys, not just 1st
5049660 locale problems with ssh
5054240 ssh should be more descriptive when GSS key exchange fails
5054835 sshd GSS error logic needs a little work
5058293 ssh packages do not declare dependency on GSS-API
5060425 ssh backspace not working
5060618 ssh-keysign needs to utilize privileges
5062508 GSS option names should match OpenSSH's (PSARC/2004/461)
5063375 sshd(1M) PAM svc change after pam_start() ineffective
5066767 sshd dumps core in finish_userauth_do_pam()
5076804 sshd(1M) logs successful login messages to auth.notice (and thence the console)
5082282 sshd core dumps printing usage message
5083048 Accepted yes/no strings itself should be displayed
5083197 another coredump in finish_userauth_do_pam()
5088670 RFE 5062528 breaks ssh-agent (missing privileges)
5090324 session id confusion with ssh & su
5094142 sshd calls pam_chauthtok() as root, skips pw quality checks
5094528 ssh(1) core dumps in gssapi userauth
5109225 version string missing from sshd's usage message
5109404 missing whitespace in some ssh messages
5109487 language negotiation is not useful after initial key exchange
5109496 packet_set_connection() should be more careful
6181680 sshd doesn't log logouts in utmpx
6182695 sshd debug mode deadlock potential
6185726 MaxStartups now counts all concurrent sessions
5014946 add support to libgss for gss_store_cred() (PSARC 2003/779) (phase 1)
5014951 mech_krb5 needs a krb5_gss_store_cred() (PSARC 2003/779)

(from 113273-10)

5087792 patch 113273-08 breaks who and last from populating ip/hostname

(from 113273-09)

5039669 S9 ssh -L portforwarding tunnel does not persist

(from 113273-08)

5048145 Race relating to SIGCHLD in sshd results in ssh hanging
5055703 sshd fails to set PAM_RHOST correctly during authentication
5060548 scp/ssh to Solaris 9 sshd daemon arbitrarily returns success or failure

(from 113273-07)

5006469 sshd is not calling pam_close_session() when exiting

(from 113273-06)

4939055 ssh does not return standard errors

(from 113273-05)

4718590 sshd doesn't do proper check when changing expired passwords
4895076 ssh does not allow logins after password expiration when using pk authentication
4725702 sshd fails to report remote address when listening to IPv4 only

(from 113273-04)

4923312 Possible root exploit in ssh

(from 113273-03)

4860120 ssh echoes back "Kerberos authentication failed: password incorrect"

(from 113273-02)

4801044 sshd writes incorrect audit session ID for logout events

(from 113273-01)

4708590 sshd(1m) vulnerable to integer overflow in PAM keyboard interactive code

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: Perform a reconfiguration boot, boot -r, after patch
        installation.

NOTE 2: To get the complete fix for the bug 4939055 (ssh does not
        return standard errors), please also install the following
        patch:

        114356-03 (or greater) /usr/bin/ssh patch

NOTE 3: To get the complete fix for ALL the bugids for -11 revision
        of the patch, please also install the following patches:

        117177-02 (or greater) gssapi module patch
        114356-07 (or greater) /usr/bin/ssh patch

README -- Last modified date: Wednesday, November 15, 2006