Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201405-06

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.121181

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201405-06

Resumen: Gentoo Linux Local Security Checks GLSA 201405-06

Descripción: Summary:
Gentoo Linux Local Security Checks GLSA 201405-06

Vulnerability Insight:
Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5161
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 32319
http://www.securityfocus.com/bid/32319
Bugtraq: 20081121 OpenSSH security advisory: cbc.adv (Google Search)
http://www.securityfocus.com/archive/1/498558/100/0/threaded
Bugtraq: 20081123 Revised: OpenSSH security advisory: cbc.adv (Google Search)
http://www.securityfocus.com/archive/1/498579/100/0/threaded
CERT/CC vulnerability note: VU#958563
http://www.kb.cert.org/vuls/id/958563
HPdes Security Advisory: HPSBMA02447
http://marc.info/?l=bugtraq&m=125017764422557&w=2
HPdes Security Advisory: SSRT090062
http://isc.sans.org/diary.html?storyid=5366
http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
http://osvdb.org/49872
http://osvdb.org/50035
http://osvdb.org/50036
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279
RedHat Security Advisories: RHSA-2009:1287
http://rhn.redhat.com/errata/RHSA-2009-1287.html
http://www.securitytracker.com/id?1021235
http://www.securitytracker.com/id?1021236
http://www.securitytracker.com/id?1021382
http://secunia.com/advisories/32740
http://secunia.com/advisories/32760
http://secunia.com/advisories/32833
http://secunia.com/advisories/33121
http://secunia.com/advisories/33308
http://secunia.com/advisories/34857
http://secunia.com/advisories/36558
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1
http://www.vupen.com/english/advisories/2008/3172
http://www.vupen.com/english/advisories/2008/3173
http://www.vupen.com/english/advisories/2008/3409
http://www.vupen.com/english/advisories/2009/1135
http://www.vupen.com/english/advisories/2009/3184
XForce ISS Database: openssh-sshtectia-cbc-info-disclosure(46620)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Common Vulnerability Exposure (CVE) ID: CVE-2010-4478
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
https://github.com/seb-m/jpake
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338
Common Vulnerability Exposure (CVE) ID: CVE-2010-4755
http://cxib.net/stuff/glob-0day.c
http://securityreason.com/exploitalert/9223
NETBSD Security Advisory: NetBSD-SA2010-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc
http://securityreason.com/securityalert/8116
http://securityreason.com/achievement_securityalert/89
Common Vulnerability Exposure (CVE) ID: CVE-2010-5107
BugTraq ID: 58162
http://www.securityfocus.com/bid/58162
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.openwall.com/lists/oss-security/2013/02/07/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595
RedHat Security Advisories: RHSA-2013:1591
http://rhn.redhat.com/errata/RHSA-2013-1591.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-5000
http://seclists.org/fulldisclosure/2011/Aug/2
http://site.pi3.com.pl/adv/ssh_1.txt
RedHat Security Advisories: RHSA-2012:0884
http://rhn.redhat.com/errata/RHSA-2012-0884.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0814
51702
http://www.securityfocus.com/bid/51702
78706
http://osvdb.org/78706
[oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://openwall.com/lists/oss-security/2012/01/26/15
[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://openwall.com/lists/oss-security/2012/01/26/16
http://openwall.com/lists/oss-security/2012/01/27/1
[oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://openwall.com/lists/oss-security/2012/01/27/4
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54
opensshserver-commands-info-disc(72756)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72756
Common Vulnerability Exposure (CVE) ID: CVE-2014-2532
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 66355
http://www.securityfocus.com/bid/66355
Debian Security Information: DSA-2894 (Google Search)
http://www.debian.org/security/2014/dsa-2894
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
HPdes Security Advisory: HPSBUX03188
http://marc.info/?l=bugtraq&m=141576985122836&w=2
HPdes Security Advisory: SSRT101487
http://www.mandriva.com/security/advisories?name=MDVSA-2014:068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:095
http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
RedHat Security Advisories: RHSA-2014:1552
http://rhn.redhat.com/errata/RHSA-2014-1552.html
http://www.securitytracker.com/id/1029925
http://secunia.com/advisories/57488
http://secunia.com/advisories/57574
http://secunia.com/advisories/59313
http://secunia.com/advisories/59855
http://www.ubuntu.com/usn/USN-2155-1
XForce ISS Database: openssh-cve20142532-sec-bypass(91986)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91986

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.121181
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201405-06
Resumen:	Gentoo Linux Local Security Checks GLSA 201405-06
Descripción:	Summary: Gentoo Linux Local Security Checks GLSA 201405-06 Vulnerability Insight: Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Solution: Update the affected packages to the latest available version. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5161 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 32319 http://www.securityfocus.com/bid/32319 Bugtraq: 20081121 OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498558/100/0/threaded Bugtraq: 20081123 Revised: OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498579/100/0/threaded CERT/CC vulnerability note: VU#958563 http://www.kb.cert.org/vuls/id/958563 HPdes Security Advisory: HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPdes Security Advisory: SSRT090062 http://isc.sans.org/diary.html?storyid=5366 http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt http://osvdb.org/49872 http://osvdb.org/50035 http://osvdb.org/50036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 RedHat Security Advisories: RHSA-2009:1287 http://rhn.redhat.com/errata/RHSA-2009-1287.html http://www.securitytracker.com/id?1021235 http://www.securitytracker.com/id?1021236 http://www.securitytracker.com/id?1021382 http://secunia.com/advisories/32740 http://secunia.com/advisories/32760 http://secunia.com/advisories/32833 http://secunia.com/advisories/33121 http://secunia.com/advisories/33308 http://secunia.com/advisories/34857 http://secunia.com/advisories/36558 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1 http://www.vupen.com/english/advisories/2008/3172 http://www.vupen.com/english/advisories/2008/3173 http://www.vupen.com/english/advisories/2008/3409 http://www.vupen.com/english/advisories/2009/1135 http://www.vupen.com/english/advisories/2009/3184 XForce ISS Database: openssh-sshtectia-cbc-info-disclosure(46620) https://exchange.xforce.ibmcloud.com/vulnerabilities/46620 Common Vulnerability Exposure (CVE) ID: CVE-2010-4478 http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf https://github.com/seb-m/jpake https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338 Common Vulnerability Exposure (CVE) ID: CVE-2010-4755 http://cxib.net/stuff/glob-0day.c http://securityreason.com/exploitalert/9223 NETBSD Security Advisory: NetBSD-SA2010-008 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc http://securityreason.com/securityalert/8116 http://securityreason.com/achievement_securityalert/89 Common Vulnerability Exposure (CVE) ID: CVE-2010-5107 BugTraq ID: 58162 http://www.securityfocus.com/bid/58162 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.openwall.com/lists/oss-security/2013/02/07/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595 RedHat Security Advisories: RHSA-2013:1591 http://rhn.redhat.com/errata/RHSA-2013-1591.html Common Vulnerability Exposure (CVE) ID: CVE-2011-5000 http://seclists.org/fulldisclosure/2011/Aug/2 http://site.pi3.com.pl/adv/ssh_1.txt RedHat Security Advisories: RHSA-2012:0884 http://rhn.redhat.com/errata/RHSA-2012-0884.html Common Vulnerability Exposure (CVE) ID: CVE-2012-0814 51702 http://www.securityfocus.com/bid/51702 78706 http://osvdb.org/78706 [oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients http://openwall.com/lists/oss-security/2012/01/26/15 [oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients http://openwall.com/lists/oss-security/2012/01/26/16 http://openwall.com/lists/oss-security/2012/01/27/1 [oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients http://openwall.com/lists/oss-security/2012/01/27/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54 opensshserver-commands-info-disc(72756) https://exchange.xforce.ibmcloud.com/vulnerabilities/72756 Common Vulnerability Exposure (CVE) ID: CVE-2014-2532 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 66355 http://www.securityfocus.com/bid/66355 Debian Security Information: DSA-2894 (Google Search) http://www.debian.org/security/2014/dsa-2894 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html HPdes Security Advisory: HPSBUX03188 http://marc.info/?l=bugtraq&m=141576985122836&w=2 HPdes Security Advisory: SSRT101487 http://www.mandriva.com/security/advisories?name=MDVSA-2014:068 http://www.mandriva.com/security/advisories?name=MDVSA-2015:095 http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2 RedHat Security Advisories: RHSA-2014:1552 http://rhn.redhat.com/errata/RHSA-2014-1552.html http://www.securitytracker.com/id/1029925 http://secunia.com/advisories/57488 http://secunia.com/advisories/57574 http://secunia.com/advisories/59313 http://secunia.com/advisories/59855 http://www.ubuntu.com/usn/USN-2155-1 XForce ISS Database: openssh-cve20142532-sec-bypass(91986) https://exchange.xforce.ibmcloud.com/vulnerabilities/91986
Copyright	Copyright (C) 2015 Eero Volotinen