
Test ID: 1.3.6.1.4.1.25623.1.0.871328
Category: Red Hat Local Security Checks
Title: RedHat Update for openssh RHSA-2015:0425-01
Summary: The remote host is missing an update for the 'openssh' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'openssh'
package(s) announced via the referenced advisory.

Vulnerability Insight:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting
client to skip the DNS SSHFP record check and require the user to perform
manual host verification of the DNS SSHFP record. (CVE-2014-2653)

It was found that when OpenSSH was used in a Kerberos environment, remote
authenticated users were allowed to log in as a different user if they were
listed in the ~/.k5users file of that user, potentially bypassing intended
authentication restrictions. (CVE-2014-9278)

The openssh packages have been upgraded to upstream version 6.6.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1059667)

Bug fixes:

* An existing /dev/log socket is needed when logging using the syslog
utility, which is not possible for all chroot environments based on the
user's home directories. As a consequence, the sftp commands were not
logged in the chroot setup without /dev/log in the internal sftp subsystem.
With this update, openssh has been enhanced to detect whether /dev/log
exists. If /dev/log does not exist, processes in the chroot environment use
their master processes for logging. (BZ#1083482)

* The buffer size for a host name was limited to 64 bytes. As a
consequence, when a host name was 64 bytes long or longer, the ssh-keygen
utility failed. The buffer size has been increased to fix this bug, and
ssh-keygen no longer fails in the described situation. (BZ#1097665)

* Non-ASCII characters have been replaced by their octal representations in
banner messages in order to prevent terminal re-programming attacks.
Consequently, banners containing UTF-8 strings were not correctly displayed
in a client. With this update, banner messages are processed according to
RFC 3454, control characters have been removed, and banners containing
UTF-8 strings are now displayed correctly. (BZ#1104662)

* Red Hat Enterprise Linux uses persistent Kerberos credential caches,
which are shared between sessions. Previously, the GSSAPICleanupCredentials
option was set to 'yes' by default. Consequently, removing a Kerberos cache
on logout could remove unrelated credentials of other sessions, which could
make the system unusable. To fix this bug, GSSAPICleanupCredentials is set
by default to 'no'. (BZ#1134447)

* Access permissions for the /etc/ssh/moduli file were set to 0600, which
was unnecessarily strict. With this update, the permissions ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
openssh on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-2653
BugTraq ID: 66459
http://www.securityfocus.com/bid/66459
Debian Security Information: DSA-2894
http://www.debian.org/security/2014/dsa-2894
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
HPdes Security Advisory: HPSBUX03188
http://marc.info/?l=bugtraq&m=141576985122836&w=2
HPdes Security Advisory: SSRT101487
http://www.mandriva.com/security/advisories?name=MDVSA-2014:068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:095
http://openwall.com/lists/oss-security/2014/03/26/7
RedHat Security Advisories: RHSA-2014:1552
http://rhn.redhat.com/errata/RHSA-2014-1552.html
RedHat Security Advisories: RHSA-2015:0425
http://rhn.redhat.com/errata/RHSA-2015-0425.html
http://secunia.com/advisories/59855
http://www.ubuntu.com/usn/USN-2164-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-9278
71420
http://www.securityfocus.com/bid/71420
RHSA-2015:0425
[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)
http://www.openwall.com/lists/oss-security/2014/12/02/3
[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)
http://www.openwall.com/lists/oss-security/2014/12/04/17
http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855
https://bugzilla.mindrot.org/show_bug.cgi?id=1867
https://bugzilla.redhat.com/show_bug.cgi?id=1169843
openssh-gssservkrb5-sec-bypass(99090)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99090
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.