
Test ID: 1.3.6.1.4.1.25623.1.0.11031
Category: Gain root remotely
Title: OpenSSH <= 3.3
Summary: NOSUMMARY
Description:

You are running a version of OpenSSH which is older than 3.4

There is a flaw in this version that can be exploited remotely to
give an attacker a shell on this host.

Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command:
rpm -q openssh-server

returns:
openssh-server-3.1p1-6


Solution: Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk factor: Critical

CVSS Score: 10.0

Cross-Reference: BugTraq ID: 5093
Common Vulnerability Exposure (CVE) ID: CVE-2002-0639
http://www.securityfocus.com/bid/5093
Bugtraq: 20020626 OpenSSH Security Advisory (adv.iss)
http://marc.info/?l=bugtraq&m=102514371522793&w=2
Bugtraq: 20020626 Revised OpenSSH Security Advisory (adv.iss)
http://marc.info/?l=bugtraq&m=102514631524575&w=2
Bugtraq: 20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Bugtraq: 20020627 How to reproduce OpenSSH Overflow.
http://marc.info/?l=bugtraq&m=102521542826833&w=2
Caldera Security Advisory: CSSA-2002-030.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
http://www.cert.org/advisories/CA-2002-18.html
CERT/CC vulnerability note: VU#369347
http://www.kb.cert.org/vuls/id/369347
Conectiva Linux advisory: CLA-2002:502
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Debian Security Information: DSA-134
http://www.debian.org/security/2002/dsa-134
En Garde Linux Advisory: ESA-20020702-016
http://www.linuxsecurity.com/advisories/other_advisory-2177.html
HPdes Security Advisory: HPSBUX0206-195
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
ISS Security Advisory: 20020626 OpenSSH Remote Challenge Vulnerability
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
https://twitter.com/RooneyMcNibNug/status/1152332585349111810
NETBSD Security Advisory: 2002-005
http://www.osvdb.org/6245
http://www.iss.net/security_center/static/9169.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0640
Bugtraq: 20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
http://marc.info/?l=bugtraq&m=102532054613894&w=2
http://www.osvdb.org/839
http://www.redhat.com/support/errata/RHSA-2002-127.html
http://www.redhat.com/support/errata/RHSA-2002-131.html
SuSE Security Announcement: SuSE-SA:2002:024
http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html
Copyright: This script is Copyright (C) 2002 Renaud Deraison

© 1998-2025 E-Soft Inc. All rights reserved.