Wind River Support Network

Recommended Type: Patch

Fixing known vulnerabilities in OpenSSH in WRLinux1.2

Released: Jan 23, 2008     Updated: Jan 23, 2008

Description

This defect includes 4 CVEs: CVE-2003-0693, CVE-2003-0695,
CVE-2006-0225 and CVE-2006-5051.

Of the four, WRLinux 1.2 is vulnerable only to CVE-2006-5051.

This patch fixes that.

To check whether the vulnerability exists, issue the following commands on a booted target:

1. In the target console:

a. touch foo\ bar;
b. mkdir temp;
c. scp foo\ bar temp;
If the kernel is vulnerable the output will be as follows:
cp: cannot stat `foo': No such file or directory
cp: cannot stat `bar': No such file or directory
IDENTIFIER = WIND00112285


Product Version

Linux Platforms 1.x

Downloads


Installation Notes

  1. Unzip the patch under [install_dir]/updates.

  2. Install the patch CD by entering the patch CD directory and running setup_linux.

  3. This is a source-only patch, so you will have to build the openssh package.

  4. Issue a make fs and maybe make the kernel in a configured directory.

  6. Upload the kernel and rootfs to the target and boot it up.

  7. In the target console:

    a. touch foo\ bar;
    b. mkdir temp;
    c. scp foo\ bar temp;
    d. The scp command will work correctly with this patch.
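
The console check from step 7 (and from the Description), scripted so it can be repeated before and after the patch. This is an added example, not part of the Wind River patch; the function names, the scratch directory and the --run switch are assumptions, and the classifier accepts any quoting style cp may use around the file name.

```shell
#!/bin/sh
# Added example: automates the advisory's scp check. Not Wind River code.
# classify_scp_stderr, run_check and the scratch directory are assumed names.

# Output quoted in the advisory for a vulnerable target.
ADVISORY_OUTPUT="cp: cannot stat \`foo': No such file or directory
cp: cannot stat \`bar': No such file or directory"

# Print "vulnerable" if the captured stderr shows cp being handed "foo" or
# "bar" as separate names, i.e. the space in "foo bar" was re-split.
# Quote characters around the name vary between cp versions, so any run of
# non-alphanumeric bytes is accepted there.
classify_scp_stderr() {
    if printf '%s\n' "$1" | grep -Eq \
        '^cp: cannot stat [^[:alnum:]]*(foo|bar)[^[:alnum:]]*: No such file'
    then
        echo vulnerable
    else
        echo ok
    fi
}

# Run steps a-c in a scratch directory and print one verdict:
# vulnerable | ok | failed (no split-name error, but no copy either).
run_check() {
    command -v scp >/dev/null 2>&1 || { echo "scp not found" >&2; return 2; }
    workdir="${TMPDIR:-/tmp}/scp-check.$$"
    mkdir "$workdir" || return 2
    verdict=$(
        cd "$workdir" || exit 2
        touch 'foo bar'
        mkdir temp
        err=$(scp 'foo bar' temp 2>&1 >/dev/null) || true
        v=$(classify_scp_stderr "$err")
        if [ "$v" = ok ] && [ ! -f 'temp/foo bar' ]; then v=failed; fi
        echo "$v"
    )
    rm -rf "$workdir"
    echo "$verdict"
    [ "$verdict" = ok ]
}

# Only touch the filesystem when asked to: sh scp-check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

Run it on the target with --run; the exit status is 0 only when the verdict is ok, so it can gate a post-build test.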

