SuSE: 2004-011: Live CD 9.1 Security Update
Summary
-----BEGIN PGP SIGNED MESSAGE-----______________________________________________________________________________
SuSE Security Announcement
Package: Live CD 9.1
Announcement-ID: SuSE-SA:2004:011
Date: Thursday, May 6th 2004 22:30 MEST
Affected products: SUSE LINUX 9.1 Personal Edition Live CD
Vulnerability Type: remote root access
Severity (1-10): 8
SuSE default package: yes
Other affected systems: none
Content of this advisory:
1) security vulnerability resolved: Live CD 9.1
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The freshly released SUSE LINUX 9.1 comes in two variants:
* SUSE LINUX 9.1 Professional (5 CD-ROMs, 2 double sided DVDs, printed
manuals, for Intel i386 32Bit platform and 1 DVD for the AMD 64Bit
platform)
* SUSE LINUX 9.1 Personal (2 CD-ROMs: 1 installable CD-ROM, 1 Live CD-ROM
for running SUSE LINUX on your PC without actually installing the
system.)
This SUSE Security Announcement targets the Live CD that comes with the
SUSE LINUX 9.1 Personal edition. The Live CD can boot and run on any PC
that has a CD-ROM drive, offering a convenient opportunity for users
who want to try out SUSE Linux without any modification to the system
that is installed on the computer. Similar CD-ROM iso images have been
available for download from our ftp server with each release of the
SUSE LINUX home user product for years.
Upon boot, the Live CD will automatically configure a network card if
one has been detected. It requires user interaction for dialup
network access.
A configuration error on the Live CD allows for a passwordless, remote
root login to the system via ssh, if the computer has booted from the
Live CD and if it is connected to a network. Since the CD-ROM is a
read-only medium by definition, there is no solution for this error
that would be persistent over a reboot from the Live CD. Manually
killing all running instances of the secure shell daemon ("killall
sshd" as root) after each boot cures the problem, while still exposing
the vulnerability in the time window between startup and the killing
of the sshd process.
It is a policy for a fresh install of SUSE LINUX products to enable
the user to log on to the system using secure shell (ssh). During the
installation of the system, the user is prompted for a root password.
The Live CD does not install any system on a medium and therefore does
not ask for a root password. By consequence, passwordless logins
should be denied on the system, regardless of whether the account in
question is the super user account or not. The Live CD 9.1 suffers
from this misconfiguration.
Our permanent fix for the vulnerability is to download the iso image
of the fixed Live CD 9.1 from the URL as listed below and to burn it
on a CD-R using a CD-burner and the software that comes with the SUSE
LINUX 9.1 Personal or Professional (cdrecord, k3b). The new image
still runs a secure shell daemon for remote login, but it does not
allow remote logins on a zero-length password account, and it denies
remote root login attempts, independently from the password.
We thank Patrick Kranefeld and Fabian Franz who have reported the
configuration neglectfulness on the SUSE LINUX 9.1 Live CD to SUSE
Security.
Image authenticity verification:
The file LiveCD-9.1-01.iso has a length of 706349056 bytes. If you run
the command "md5sum LiveCD-9.1-01.iso" after you have downloaded the
file, the md5sum command should print the following md5sum:
9f4ed1bc6b3ee582bf593fde75d5db43
This md5 sum is also contained in the file MD5SUMS in the same
directory as the LiveCD-9.1-01.iso file. Its signature (by
security@suse.de) is contained in the file MD5SUMS.sig.
The download location:
9f4ed1bc6b3ee582bf593fde75d5db43
A note: Please use a mirror for downloading the SUSE LINUX 9.1 Live
CD. Mirrors close to you can be found at
https://www.suse.com/
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- canna
New canna packages are available on our ftp servers, fixing tmp race
conditions.
- xchat
A buffer overflow in the SOCKS5 code of the XChat program has been
fixed. New packages are available on our ftp servers.
- tcpdump
The tcpdump program contained a remote DoS condition in its ISAKMP
packet handling (CAN-2004-0183 and CAN-2004-0184).
Fixed packages are available on our ftp servers.
- lha
A buffer overflow in the header parsing routines of lha has been fixed.
Additionally lha did not properly handle pathnames within archives
(CAN-2004-0234 and CAN-2004-0235).
Fixed packages are available on our ftp servers.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
References
