SSH Tectia Server Authentication Security Bypass Vulnerability

Secunia ID	SA51456
CVE-ID	CVE-2012-5975
Release Date	04 Dec 2012
Last Change	10 Dec 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	SSH Tectia Server 6.x
Where	From remote
Impact	Security Bypass This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.
Description	Kingcope has reported a vulnerability in SSH Tectia Server, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the SSH USERAUTH CHANGE REQUEST function when handling "old-style" password authentication. This can be exploited to reset the password of any user and bypass the authentication process. The vulnerability is reported in versions 6.0.4 to 6.0.20, 6.1.0 to 6.1.12, 6.2.0 to 6.2.5, and 6.3.0 to 6.3.2 running on Unix/Linux platforms only.
Solution	Update to a fixed version.
Reported by	Kingcope
Original Advisory	SSH Tectia: http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html http://www.ssh.com/index.php/component/content/article/531.html Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

securelist.com