
Test ID: 1.3.6.1.4.1.25623.1.0.55455
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:550
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:550.

A bug was found in the way the OpenSSH server handled the MaxStartups and
LoginGraceTime configuration variables. A malicious user could connect to
the SSH daemon in such a way that it would prevent additional logins from
occurring until the malicious connections are closed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-2069 to this issue.

Additionally, the following issues are resolved with this update:

- The -q option of the ssh client did not suppress the banner message sent
by the server, which caused errors when used in scripts.

- The sshd daemon failed to close the client connection if multiple X
clients were forwarded over the connection and the client session exited.

- The sftp client leaked memory if used for extended periods.

- The sshd daemon called the PAM functions incorrectly if the user was
unknown on the system.

All users of openssh should upgrade to these updated packages, which
contain backported patches and resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-550.html

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: BugTraq ID: 14963
Common Vulnerability Exposure (CVE) ID: CVE-2004-2069
14963
http://www.securityfocus.com/bid/14963
16567
http://www.osvdb.org/16567
17000
http://secunia.com/advisories/17000
17135
http://secunia.com/advisories/17135
17252
http://secunia.com/advisories/17252
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/451404/100/0/threaded
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451417/100/200/threaded
20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451426/100/200/threaded
22875
http://secunia.com/advisories/22875
23680
http://secunia.com/advisories/23680
ADV-2006-4502
http://www.vupen.com/english/advisories/2006/4502
FLSA-2006:168935
http://www.securityfocus.com/archive/1/425397/100/0/threaded
RHSA-2005:550
http://rhn.redhat.com/errata/RHSA-2005-550.html
[openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time
http://marc.info/?l=openssh-unix-dev&m=107520317020444&w=2
[openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time
http://marc.info/?l=openssh-unix-dev&m=107529205602320&w=2
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
openssh-sshdc-logingracetime-dos(20930)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20930
oval:org.mitre.oval:def:11541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11541
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
