OBSOLETE Patch-ID# 113273-16


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security sshd sftp-server integer overlow pam keyboard interactive
Synopsis: Obsoleted by: 122300-17 SunOS 5.9: /usr/lib/ssh/sshd patch
Date: Oct/19/2007


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 114858

Topic: SunOS 5.9: /usr/lib/ssh/sshd patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
440691415050242
445233915062632
461497915091161
462121915092635
463554615096390
468023015106684
470778815113194
470859015113432
470884615113496
470947515113635
471010815113786
471011115113787
471133515114104
471309715114498
471359215114590
471459615114853
471859015115791
471965415116032
472059515116271
472570215117604
473353215119703
474096915121918
475098915124873
475975915127483
477743615133006
478487215135301
479912215139946
480104415140684
481157515144194
481659015145766
482846715149452
483714015152228
484156615153752
485717915158294
486012015159103
486244915159625
489507615169172
492331215177189
492455415177535
492597015177949
492639115178062
492662415178115
492896415178794
493905515181452
496483915188484
496652115188958
496767415189315
496930615189702
497163015190375
497181015190438
497505715191280
497615515191545
497674515191712
497757415191927
498299115193450
499012215195508
500210015198109
500587015198978
500646915199124
500669015199198
500669515199199
500676215199221
501276515201191
501364015201468
501418015201617
501460015201754
501494615201854
501495115201856
501496915201859
501904415202913
502032515203300
502134715203532
502290315203838
502307415203897
502529615204449
503624215207916
503966915209023
504814515211478
504859615211609
504966015211868
505424015213143
505483515213332
505570315213528
505829315214254
506042515214595
506054815214638
506061815214657
506250815215181
506337515215431
506676715216389
507680415219587
508082815220975
508228215221461
508304815221724
508319715221775
508779215223174
508867015223455
509032415223954
509414215225129
509452815225254
510922515229870
510940415229926
510948715229970
510949615229975
617625615231196
618168015232849
618269515233133
618572615234077
641076215324284
646637015348570
646721815348966
647627915353033
647677215353250
647772015353718
652706415379925
655296615394203


Changes incorporated in this version: 6527064 6552966

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 112908-27 (or greater)

Obsoleted by: 122300-17

Files included with this patch:

/etc/init.d/sshd
/etc/rc0.d/K03sshd
/etc/rc1.d/K03sshd
/etc/rc2.d/K03sshd
/etc/rc3.d/S89sshd
/etc/rcS.d/K03sshd
/etc/ssh/moduli
/etc/ssh/sshd_config
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-http-proxy-connect
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/ssh-socks5-proxy-connect
/usr/lib/ssh/sshd

Problem Description:

6527064 sshd uses LC_CTIME instead of LC_TIME
6552966 ssh should issue warning message for expired passwords again
 
(from 113273-15)
 
6477720 possible DoS in CRC compensation attack detector for SSH protocol 1
 
(from 113273-14)
 
6466370 security vulnerabilities in OpenSSL may lead to DoS or code execution
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
 
(from 113273-13)
 
6410762 Solaris 9 SSH patch 113273-11 does not check for SUNWfns dependencies
 
(from 113273-12)
 
5080828 sshd's default SUPATH = PATH = /usr/bin when SUPATH not set in dflt login
 
(from 113273-11)
 
6176256 Solaris 9 ssh backporting project
4406914 support draft-ietf-secsh-dh-group-exchange-01.txt
4452339 key_fingerprint needs to support md5/sha/bubblebabble output
4614979 ssh connections break after the rekey interval elapses on
4621219 sftp prints incorrect error message if connection refused
4635546 superfluous IP options check in ssh should be removed
4680230 usr/src/cmd/ssh/ssh Makefile needs to have lib dependencies
4707788 implement ClientAlive on the server side
4708846 vis in libopenbsd-compat has I18N problem
4709475 ssh and ssh-keygen: not extracted messages for localization
4710108 sshd: locale environments are not passed to shells
4710111 ssh-agent: strings 'echo' should not be extracted for localization
4711335 sshd V1 authentication behaves poorly for invalid users
4713097 sftp: word 'abormally' should be 'abnormally'
4713592 ssh & friends print incorrect error message if server breaks connection at login
4714596 request for filename option in sftp commandline
4719654 ssh: localized messages should be extracted per sentence
4720595 ssh-keygen does not finish with dsa key
4733532 scp leaves connection open
4740969 cli_write() in libssh.a has a memory leak
4750989 expired passwords not working with KbdInteractiveAuthentication yes
4759759 ssh(1) doesn't terminate proxy commands on exit
4777436 ssh client should ignore signals which are already ignored
4784872 locales !=  RFC-1766 language tags
4799122 ssh doesn't use getopt(3c) (concatenated options don't work)
4811575 ssh-keygen list fails on long public key entries (base64 encoding > 1024b)
4816590 ssh in Solaris 9 doesn't forward the X11 session from 3-party software
4828467 sftp client sends directory path that causes windows interop problems
4837140 sshd sets bogus fixed path and ignores /etc/default/login
4841566 ksh limits ssh/Xauth using -X option with uid's 99 or less
4857179 ssh and password expiry do not work
4862449 SUNWssh needs a resync
4924554 resync'ed ssh cores after connect from Solaris 9 client with mixed locale setting
4925970 sshd logging extra warning messages on console
4926391 fatal_remove_cleanup() should not fatal()
4926624 ssh exits with -1 if stdin is not a terminal
4928964 sshd breaks finger
4964839 SUNWsshdr needs to remove CheckMail from sshd_config
4966521 sshd core dumps/drops connection if server has many locales
4967674 sshd sets LC_ALL and LANG to strange values
4969306 sshd dumps core on root login
4971630 ssh attempts to do exit(-1) arbitrarily when not using ptys
4971810 fix for 4406914 is incomplete - /etc/ssh/moduli is missing
4975057 ssh got smarter about proxy commands, but not enough: always prepends "exec "
4976155 ssh crashes with SEGV when connecting to Sun_SSH_1.1 (in iso_8859_1)
4976745 sshd has a small malloc problem
4977574 sshd dumps core when some clients connect
4982991 Please enter user name: prompt doesn't go away quickly enough
4990122 sshd has a(nother) malloc problem
5002100 ssh displays wrong (useless) 'Last login' date and time
5005870 sshd setsockopt SO_KEEPALIVE Invalid argument error
5006690 sshd does not pass PAM environment variables to its children
5006695 SUNWssh should support GSS-API extensions to SSHv2 (PSARC 2003/778)
5006762 sshd(1M) does not support optimistic key exchange (SSHv2)
5012765 sshd(1M) should do something about privileges (PSARC 2004/677)
5013640 sshd core dumps while trying to log messages, take 2
5014180 ssh should keep /dev/random open
5014600 ssh-add cores if the agent socket could not be opened
5014969 default X11Forwarding to yes in sshd_config (PSARC 2004/011)
5019044 sshd(1M) lets libgss spew on stderr on startup about unconfigured mechs
5020325 sftp: 'get *' coredumps
5021347 ssh commands link with -ldl, shouldn't (-z ignore masked this)
5022903 ssh(1) should support send-break extension
5023074 SUNWsshdr: /etc/ssh is not a valid temp directory during install
5025296 sshd should use closefrom() instead of a 3-to-64 close() loop
5036242 sshd(1M) should workaround KEXGSS_HOSTKEY bug in MacOS ssh(1) with GSS
5048596 ssh(1) host-based authentication should try all client host keys, not just 1st
5049660 locale problems with ssh
5054240 ssh should be more descriptive when GSS key exchange fails
5054835 sshd GSS error logic needs a little work
5058293 ssh packages do not declare dependency on GSS-API
5060425 ssh backspace not working
5060618 ssh-keysign needs to utilize privileges
5062508 GSS option names should match OpenSSH's (PSARC/2004/461)
5063375 sshd(1M) PAM svc change after pam_start() ineffective
5066767 sshd dumps core in finish_userauth_do_pam()
5076804 sshd(1M) logs successful login messages to auth.notice (and thence the console)
5082282 sshd core dumps printing usage message
5083048 accepted yes/no strings itself should be displayed
5083197 another coredump in finish_userauth_do_pam()
5088670 RFE 5062528 breaks ssh-agent (missing privileges)
5090324 session id confusion with ssh & su
5094142 sshd calls pam_chauthtok() as root, skips pw quality checks
5094528 ssh(1) core dumps in gssapi userauth
5109225 version string missing from sshd's usage message
5109404 missing whitespace in some ssh messages
5109487 language negotiation is not useful after initial key exchange
5109496 packet_set_connection() should be more careful
6181680 sshd doesn't log logouts in utmpx
6182695 sshd debug mode deadlock potential
6185726 MaxStartups now counts all concurrent sessions
5014946 add support to libgss for gss_store_cred() (PSARC 2003/779) (phase 1)
5014951 mech_krb5 needs a krb5_gss_store_cred() (PSARC 2003/779)
 
(from 113273-10)
 
5087792 patch 113273-08 breaks who and last from populating IP/hostname
 
(from 113273-09)
 
5039669 Solaris 9 ssh -L portforwarding tunnel does not persist
 
(from 113273-08)
 
5048145 race relating to SIGCHLD in sshd results in ssh hanging
5055703 sshd fails to set PAM_RHOST correctly during authentication
5060548 scp/ssh to Solaris 9 sshd daemon arbitrarily returns success or failure
 
(from 113273-07)
 
5006469 sshd is not calling pam_close_session() when exiting
 
(from 113273-06)
 
4939055 ssh does not return standard errors
 
(from 113273-05)
 
4718590 sshd doesn't do proper check when changing expired passwords
4895076 ssh does not allow logins after password expiration when using pk authentication
4725702 sshd fails to report remote address when listening to IPv4 only
 
(from 113273-04)
 
4923312 possible root exploit in ssh
 
(from 113273-03)
 
4860120 ssh echoes back "Kerberos authentication failed: password incorrect"
 
(from 113273-02)
 
4801044 sshd writes incorrect audit session ID for logout events
 
(from 113273-01)
 
4708590 sshd(1m) vulnerable to integer overlow in PAM keyboard interactive code


Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Perform a reconfiguration boot, boot -r, after patch installation.
 
NOTE 2:  To get the complete fix for the bug 4939055 (ssh does not return
         standard errors), please also install the following patch:
 
         114356-03 (or greater)  ssh patch
 
NOTE 3:  To get the complete fix for ALL the bugids in -11 revision of
         the patch, please also install the following patches:
 
         117177-02 (or greater)  gssapi module patch
         114356-07 (or greater)  ssh patch
 
NOTE 4:  To get the complete fix for multiple vulnerabilities in OpenSSL,
         please make sure to install the following patches:
 
         113713-24 (or greater)  pkg utilities patch
         114356-11 (or greater)  ssh patch
         117123-08 (or greater)  wanboot patch
         123376-01 (or greater)  bootconfchk patch


NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:

112908-27 replaces 112908-24




README -- Last modified date: Friday, November 9, 2012