FreeBSD Local Security Checks : FreeBSD Ports: ssh2, ssh2-nox11

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.56349

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: ssh2, ssh2-nox11

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

ssh2
ssh2-nox11

CVE-2006-0705
Format string vulnerability in a logging function as used by various
SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT
UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows
Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before
5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5)
SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell
Server 3.2.9 and earlier, allows remote authenticated users to execute
arbitrary commands via unspecified vectors, involving crafted
filenames and the stat command.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-0705
BugTraq ID: 16625
http://www.securityfocus.com/bid/16625
BugTraq ID: 16640
http://www.securityfocus.com/bid/16640
CERT/CC vulnerability note: VU#419241
http://www.kb.cert.org/vuls/id/419241
http://security.gentoo.org/glsa/glsa-200703-13.xml
HPdes Security Advisory: HPSBTU02322
http://marc.info/?l=bugtraq&m=120654385125315&w=2
HPdes Security Advisory: SSRT080011
http://securitytracker.com/id?1015619
http://secunia.com/advisories/18828
http://secunia.com/advisories/18843
http://secunia.com/advisories/24516
http://secunia.com/advisories/29552
http://www.vupen.com/english/advisories/2006/0554
http://www.vupen.com/english/advisories/2006/0555
http://www.vupen.com/english/advisories/2008/1008/references
XForce ISS Database: sftp-logging-format-string(24651)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24651

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.56349
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: ssh2, ssh2-nox11
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: ssh2 ssh2-nox11 CVE-2006-0705 Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0705 BugTraq ID: 16625 http://www.securityfocus.com/bid/16625 BugTraq ID: 16640 http://www.securityfocus.com/bid/16640 CERT/CC vulnerability note: VU#419241 http://www.kb.cert.org/vuls/id/419241 http://security.gentoo.org/glsa/glsa-200703-13.xml HPdes Security Advisory: HPSBTU02322 http://marc.info/?l=bugtraq&m=120654385125315&w=2 HPdes Security Advisory: SSRT080011 http://securitytracker.com/id?1015619 http://secunia.com/advisories/18828 http://secunia.com/advisories/18843 http://secunia.com/advisories/24516 http://secunia.com/advisories/29552 http://www.vupen.com/english/advisories/2006/0554 http://www.vupen.com/english/advisories/2006/0555 http://www.vupen.com/english/advisories/2008/1008/references XForce ISS Database: sftp-logging-format-string(24651) https://exchange.xforce.ibmcloud.com/vulnerabilities/24651
Copyright	Copyright (C) 2008 E-Soft Inc.