ID de Prueba:	1.3.6.1.4.1.25623.1.0.120628
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2016-638)
Resumen:	The remote host is missing an update for the 'openssh' package(s) announced via the ALAS-2016-638 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ALAS-2016-638 advisory. Vulnerability Insight: An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. Affected Software/OS: 'openssh' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0777 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 80695 http://www.securityfocus.com/bid/80695 Bugtraq: 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 (Google Search) http://www.securityfocus.com/archive/1/537295/100/0/threaded Debian Security Information: DSA-3446 (Google Search) http://www.debian.org/security/2016/dsa-3446 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html FreeBSD Security Advisory: FreeBSD-SA-16:07 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc http://seclists.org/fulldisclosure/2016/Jan/44 https://security.gentoo.org/glsa/201601-01 http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html http://www.openwall.com/lists/oss-security/2016/01/14/7 http://www.securitytracker.com/id/1034671 SuSE Security Announcement: SUSE-SU-2016:0117 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html SuSE Security Announcement: SUSE-SU-2016:0118 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0119 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html SuSE Security Announcement: SUSE-SU-2016:0120 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html SuSE Security Announcement: openSUSE-SU-2016:0127 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html SuSE Security Announcement: openSUSE-SU-2016:0128 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html http://www.ubuntu.com/usn/USN-2869-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-0778 BugTraq ID: 80698 http://www.securityfocus.com/bid/80698
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.