English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2024.0010
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2024-0010)
Zusammenfassung:The remote host is missing an update for the 'openssh' package(s) announced via the MGASA-2024-0010 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'openssh' package(s) announced via the MGASA-2024-0010 advisory.

Vulnerability Insight:
The updated packages fix security vulnerabilities:
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code execution
if an agent is forwarded to an attacker-controlled system.
(CVE-2023-38408)
Prefix Truncation Attacks in SSH Specification (Terrapin Attack).
(CVE-2023-48795)
In ssh-agent in OpenSSH before 9.6, certain destination constraints can
be incompletely applied. When destination constraints are specified
during addition of PKCS#11-hosted private keys, these constraints are
only applied to the first key, even if a PKCS#11 token returns multiple
keys. (CVE-2023-51384)
In ssh in OpenSSH before 9.6, OS command injection might occur if a user
name or host name has shell metacharacters, and this name is referenced
by an expansion token in certain situations. For example, an untrusted
Git repository can have a submodule with shell metacharacters in a user
name or host name. (CVE-2023-51385)

Affected Software/OS:
'openssh' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-38408
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
https://security.gentoo.org/glsa/202307-01
http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
https://news.ycombinator.com/item?id=36790196
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
http://www.openwall.com/lists/oss-security/2023/07/20/1
http://www.openwall.com/lists/oss-security/2023/07/20/2
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/22/9
Common Vulnerability Exposure (CVE) ID: CVE-2023-48795
Debian Security Information: DSA-5586 (Google Search)
https://www.debian.org/security/2023/dsa-5586
Debian Security Information: DSA-5588 (Google Search)
https://www.debian.org/security/2023/dsa-5588
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
http://seclists.org/fulldisclosure/2024/Mar/21
https://security.gentoo.org/glsa/202312-16
https://security.gentoo.org/glsa/202312-17
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://access.redhat.com/security/cve/cve-2023-48795
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
https://bugs.gentoo.org/920280
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://crates.io/crates/thrussh/versions
https://filezilla-project.org/versions.php
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://github.com/apache/mina-sshd/issues/445
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/cyd01/KiTTY/issues/520
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/libssh2/libssh2/pull/1291
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://github.com/mwiede/jsch/issues/457
https://github.com/mwiede/jsch/pull/461
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://github.com/openssh/openssh-portable/commits/master
https://github.com/paramiko/paramiko/issues/2337
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://github.com/proftpd/proftpd/issues/456
https://github.com/rapier1/hpn-ssh/releases
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://github.com/ronf/asyncssh/tags
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://gitlab.com/libssh/libssh-mirror/-/tags
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://help.panic.com/releasenotes/transmit5/
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://matt.ucc.asn.au/dropbear/CHANGES
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
https://news.ycombinator.com/item?id=38732005
https://nova.app/releases/#v11.8
https://oryx-embedded.com/download/#changelog
https://roumenpetrov.info/secsh/#news20231220
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://ubuntu.com/security/CVE-2023-48795
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://www.bitvise.com/ssh-server-version-history
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.netsarang.com/en/xshell-update-history/
https://www.openssh.com/openbsd.html
https://www.openssh.com/txt/release-9.6
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://www.paramiko.org/changelog.html
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://www.terrapin-attack.com
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://www.vandyke.com/products/securecrt/history.txt
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
http://www.openwall.com/lists/oss-security/2023/12/18/3
http://www.openwall.com/lists/oss-security/2023/12/19/5
http://www.openwall.com/lists/oss-security/2023/12/20/3
http://www.openwall.com/lists/oss-security/2024/03/06/3
http://www.openwall.com/lists/oss-security/2024/04/17/8
Common Vulnerability Exposure (CVE) ID: CVE-2023-51384
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
Common Vulnerability Exposure (CVE) ID: CVE-2023-51385
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
http://www.openwall.com/lists/oss-security/2023/12/26/4
CopyrightCopyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.