ALAS-2015-625


Amazon Linux 1 Security Advisory: ALAS-2015-625
Advisory Release Date: 2015-12-14 10:00 Pacific
Advisory Updated Date: 2015-12-13 14:24 Pacific
Severity: Medium

Issue Overview:

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.

A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges.


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    openssh-6.6.1p1-22.58.amzn1.i686
    openssh-server-6.6.1p1-22.58.amzn1.i686
    pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.i686
    openssh-keycat-6.6.1p1-22.58.amzn1.i686
    openssh-ldap-6.6.1p1-22.58.amzn1.i686
    openssh-debuginfo-6.6.1p1-22.58.amzn1.i686
    openssh-clients-6.6.1p1-22.58.amzn1.i686

src:
    openssh-6.6.1p1-22.58.amzn1.src

x86_64:
    openssh-6.6.1p1-22.58.amzn1.x86_64
    openssh-clients-6.6.1p1-22.58.amzn1.x86_64
    pam_ssh_agent_auth-0.9.3-9.22.58.amzn1.x86_64
    openssh-server-6.6.1p1-22.58.amzn1.x86_64
    openssh-debuginfo-6.6.1p1-22.58.amzn1.x86_64
    openssh-keycat-6.6.1p1-22.58.amzn1.x86_64
    openssh-ldap-6.6.1p1-22.58.amzn1.x86_64
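
The following script is an added example, not part of the original advisory. It checks installed package versions against the fixed builds listed under New Packages, after running the update. The function names are hypothetical, the sample input is constructed, and GNU `sort -V` is assumed as an approximation of rpm's own version comparison.

```shell
#!/bin/sh
# Fixed version-release strings, copied from the "New Packages" list above.
FIXED_OPENSSH="6.6.1p1-22.58.amzn1"
FIXED_PAM_AGENT="0.9.3-9.22.58.amzn1"

# fixed_for NAME: print the fixed version-release for a package in this advisory.
fixed_for() {
    case "$1" in
        pam_ssh_agent_auth) echo "$FIXED_PAM_AGENT" ;;
        openssh|openssh-*)  echo "$FIXED_OPENSSH" ;;
        *) return 1 ;;
    esac
}

# vr_ge A B: succeed when version-release A >= B.
# Assumption: GNU `sort -V` ordering stands in for rpm's comparison; it
# agrees for the plain dotted/numeric strings used in this advisory.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit: read "NAME VERSION-RELEASE" lines on stdin, print one verdict per
# line, and return non-zero if any in-scope package predates the fixed build.
audit() {
    rc=0
    while read -r name vr; do
        [ -n "$name" ] || continue
        if ! fixed=$(fixed_for "$name"); then
            echo "SKIP $name (not in ALAS-2015-625)"
        elif vr_ge "$vr" "$fixed"; then
            echo "OK $name $vr"
        else
            echo "UPDATE $name $vr < $fixed"
            rc=1
        fi
    done
    return $rc
}

# On a host, feed it the installed packages:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'openssh*' pam_ssh_agent_auth | audit
# Constructed sample input (not taken from a real system):
printf '%s\n' 'openssh-server 6.6.1p1-16.57.amzn1' \
    'pam_ssh_agent_auth 0.9.3-9.22.58.amzn1' | audit || true
```

Because sshd keeps running its old binary until restarted, a package reported as OK still needs a service restart before the fix is in effect.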