Gain root remotely : SSH1 CRC-32 compensation attack

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.10607

Categoría: Gain root remotely

Título: SSH1 CRC-32 compensation attack

Resumen: NOSUMMARY

Descripción: Description:

You are running a version of SSH which is
older than version 1.2.32,
or a version of OpenSSH which is older than
2.3.0.

This version is vulnerable to a flaw which allows
an attacker to gain a root shell on this host.

Solution :
Upgrade to version 1.2.32 of SSH which solves this problem,
or to version 2.3.0 of OpenSSH

More information:
http://www.core-sdi.com/advisories/ssh1_deattack.htm

Risk factor : High

Referencia Cruzada: BugTraq ID: 2347
Common Vulnerability Exposure (CVE) ID: CVE-2001-0144
http://www.securityfocus.com/bid/2347
BindView Security Advisory: 20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Bugtraq: 20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector (Google Search)
http://marc.info/?l=bugtraq&m=98168366406903&w=2
Bugtraq: 20011122 Secure Computing SafeWord uses vulnerable ssh server (Google Search)
http://www.cert.org/advisories/CA-2001-35.html
http://www.osvdb.org/503
http://www.osvdb.org/795
XForce ISS Database: ssh-deattack-overwrite-memory(6083)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6083

Copyright This script is Copyright (C) 2001 Renaud Deraison

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.10607
Categoría:	Gain root remotely
Título:	SSH1 CRC-32 compensation attack
Resumen:	NOSUMMARY
Descripción:	Description: You are running a version of SSH which is older than version 1.2.32, or a version of OpenSSH which is older than 2.3.0. This version is vulnerable to a flaw which allows an attacker to gain a root shell on this host. Solution : Upgrade to version 1.2.32 of SSH which solves this problem, or to version 2.3.0 of OpenSSH More information: http://www.core-sdi.com/advisories/ssh1_deattack.htm Risk factor : High
Referencia Cruzada:	BugTraq ID: 2347 Common Vulnerability Exposure (CVE) ID: CVE-2001-0144 http://www.securityfocus.com/bid/2347 BindView Security Advisory: 20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector http://razor.bindview.com/publish/advisories/adv_ssh1crc.html Bugtraq: 20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector (Google Search) http://marc.info/?l=bugtraq&m=98168366406903&w=2 Bugtraq: 20011122 Secure Computing SafeWord uses vulnerable ssh server (Google Search) http://www.cert.org/advisories/CA-2001-35.html http://www.osvdb.org/503 http://www.osvdb.org/795 XForce ISS Database: ssh-deattack-overwrite-memory(6083) https://exchange.xforce.ibmcloud.com/vulnerabilities/6083
Copyright	This script is Copyright (C) 2001 Renaud Deraison