December 10, 2004
We are pleased to announce the release of OpenNTPD 3.6.1.
This is our second formal release, which includes improvements and
enhancements done after the OpenNTPD 3.6 release.

OpenNTPD is a time synchronization application, allowing network-based
time synchronization, either to a number of time servers or to a single
"master" time server. OpenNTPD keeps a machine's local clock in sync
with a number of Network Time Protocol (NTP) servers, and can
redistribute the local clock, being an NTP server itself.

The default configuration file will sync the computer's time
to pool.ntp.org, a large group of NTP servers from around
the world, which is a good timekeeping solution for many OpenNTPD users.
This means that for many people, using OpenNTPD consists of just running
the installed program -- the default configuration is useful and "safe".

Highlights include:
- Support for the Network Time Protocol, per RFC 1305 and 2030
- Low memory footprint
- Easy, straightforward configuration file and command line options
- Complete and accurate manpages
- Written using secure and reliable programming techniques, including
  privilege separation and exclusive use of bounded buffer operations
- OpenNTPD can now account for large clock offsets at startup by
  setting the time hard instead of stepping, making the use of
  rdate or ntpdate prior to startup superfluous.

OpenNTPD is in use in many production environments.
OpenNTPD comes with OpenBSD 3.6, or can be downloaded separately
from one of the mirrors listed at http://www.openntpd.org/.

OpenNTPD is developed as part of the OpenBSD project, which offers CDs,
T-Shirts and Posters. Sales of these items help fund OpenNTPD
development. Orders can be placed via
http://www.openbsd.org/orders.html

OpenNTPD is primarily written by Henning Brauer. Many thanks to the
whole OpenBSD developer base and especially Theo de Raadt for their
continued help and support.
This is the 2nd revision of the Advisory.
1. Versions affected:
Several versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.

All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.

All versions between 2.9.9 and 3.3 contain a bug in the
ChallengeResponseAuthentication code.

OpenSSH 3.4 and later are not affected.

OpenSSH 3.2 and later prevent privilege escalation if
UsePrivilegeSeparation is enabled in sshd_config. OpenSSH
3.3 enables UsePrivilegeSeparation by default.

Although some earlier versions are not affected, upgrading
to OpenSSH 3.4 is recommended, because OpenSSH 3.4 adds
checks for a class of potential bugs.

2. Impact:
This bug can be exploited remotely if
ChallengeResponseAuthentication
is enabled in sshd_config.

Affected are at least systems supporting s/key over
SSH protocol version 2 (OpenBSD, FreeBSD and NetBSD
as well as other systems supporting s/key with SSH).
Exploitability of systems using
PAMAuthenticationViaKbdInt
has not been verified.

3. Short-Term Solution:
Disable ChallengeResponseAuthentication in sshd_config.
and
Disable PAMAuthenticationViaKbdInt in sshd_config.
Alternatively you can prevent privilege escalation
if you enable UsePrivilegeSeparation in sshd_config.

4. Solution:
Upgrade to OpenSSH 3.4 or apply the following patches.
5. Credits:
ISS.
Appendix:
A:
Index: auth2-chall.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v
retrieving revision 1.18
diff -u -r1.18 auth2-chall.c
--- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18
+++ auth2-chall.c 26 Jun 2002 09:37:03 -0000
@@ -256,6 +256,8 @@authctxt->postponed = 0; /* rese...
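
The short-term mitigations from the advisory above, as an added shell check that is not part of the original advisory: it reads an sshd_config and reports whether both affected authentication options are disabled, only UsePrivilegeSeparation is on, or neither. The function names, verdict strings and sample files are constructed for this example, and an unset keyword is treated as not mitigated.

```shell
#!/bin/sh
# Added example (not from the advisory): check sshd_config for the
# short-term mitigations. Assumes "Keyword value" lines; sshd keeps the
# first value it reads for a keyword and matches keywords case-insensitively.

# first_value FILE KEYWORD: print the effective value, or "unset".
first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# verdict FILE: print "disabled", "privsep-only" or "exposed".
# "unset" counts as not mitigated, because defaults differ between releases.
verdict() {
    cra=$(first_value "$1" ChallengeResponseAuthentication)
    pam=$(first_value "$1" PAMAuthenticationViaKbdInt)
    sep=$(first_value "$1" UsePrivilegeSeparation)
    if [ "$cra" = no ] && [ "$pam" = no ]; then
        echo disabled          # both affected code paths are off
    elif [ "$sep" = yes ]; then
        echo privsep-only      # only privilege escalation is prevented
    else
        echo exposed
    fi
}

# Constructed sample configurations (not taken from any real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/a" <<'EOF'
Protocol 2
challengeresponseauthentication no
PAMAuthenticationViaKbdInt no
# a later duplicate does not override the first value
ChallengeResponseAuthentication yes
EOF
cat > "$tmp/b" <<'EOF'
#ChallengeResponseAuthentication no
UsePrivilegeSeparation yes
EOF
cat > "$tmp/c" <<'EOF'
ChallengeResponseAuthentication no
PAMAuthenticationViaKbdInt yes
EOF

for f in a b c; do echo "$f: $(verdict "$tmp/$f")"; done
```

A "privsep-only" result is the advisory's alternative mitigation, which it describes for OpenSSH 3.2 and later; upgrading to OpenSSH 3.4 remains the stated solution.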
This mail is probably spam. The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future. See http://spamassassin.org/tag/ for more details.

Content preview: WATA INNOVATION ELECTRONICS CO.,LTD.
URI:http://www.ezlink.com.tw/e-mail/huatai/brg1.gif
URI:http://www.ezlink.com.tw/e-mail/huatai/spacer.gif
URI:http://www.ezlink.com.tw/e-mail/huatai/spacer.gif
URI:http://www.ezlink.com.tw/e-mail/huatai/spacer.gif [...]

Content analysis details: (7.00 points, 5 required)
FROM_ENDS_IN_NUMS (0.7 points) From: ends in numbers
HTML_IMAGE_RATIO_06 (0.8 points) BODY: HTML has a low ratio of text to image area
HTML_50_60 (0.1 points) BODY: Message is 50% to 60% HTML
MAILTO_TO_SPAM_ADDR (0.6 points) URI: Includes a link to a likely spammer email address
MSG_ID_ADDED_BY_MTA_2 (0.9 points) 'Message-Id' was added by a relay (2)
PLING_PLING (1.7 points) Subject has lots of exclamation marks
MIME_HTML_ONLY (0.1 points) Message only has text/html MIME parts
FORGED_MUA_OUTLOOK (2.1 points) Forged mail pretending to be from MS Outlook

The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
OpenSSH 3.7.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on
http://www.openbsd.org/tshirts.html#18

For international orders use https://https.openbsd.org/cgi-bin/order
and for European orders, use https://https.openbsd.org/cgi-bin/order.eu

Security Changes:
=================

All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs
fixed proactively.

OpenSSH 3.7 fixed one of these bugs.
OpenSSH 3.7.1 fixes more similar bugs.

Changes since OpenSSH 3.6.1:
============================

* The entire OpenSSH code-base has undergone a license review. As
  a result, all non-ssh1.x code is under a BSD-style license with no
  advertising requirement. Please refer to README in the source
  distribution for the exact license terms.

* Rhosts authentication has been removed in ssh(1) and sshd(8).

* Changes in Kerberos support:

  - KerberosV password support now uses a file cache instead of
    a memory cache.

  - KerberosIV and AFS support has been removed.

  - KerberosV support has been removed from SSH protocol 1.

  - KerberosV password authentication support remains for SSH
    protocols 1 and 2.

  - This release contains some GSSAPI user authentication support
    to replace legacy KerberosV authentication support. At present
    this code is still considered experimental and SHOULD NOT BE
    USED.

* Changed order that keys are tried in public key authentication.
The ssh(1) client tries the key...
