FreeBSD Local Security Checks : FreeBSD Ports: ssh2, ssh2-nox11

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56349

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: ssh2, ssh2-nox11

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

ssh2
ssh2-nox11

CVE-2006-0705
Format string vulnerability in a logging function as used by various
SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT
UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows
Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before
5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5)
SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell
Server 3.2.9 and earlier, allows remote authenticated users to execute
arbitrary commands via unspecified vectors, involving crafted
filenames and the stat command.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0705
BugTraq ID: 16625
http://www.securityfocus.com/bid/16625
BugTraq ID: 16640
http://www.securityfocus.com/bid/16640
CERT/CC vulnerability note: VU#419241
http://www.kb.cert.org/vuls/id/419241
http://security.gentoo.org/glsa/glsa-200703-13.xml
HPdes Security Advisory: HPSBTU02322
http://marc.info/?l=bugtraq&m=120654385125315&w=2
HPdes Security Advisory: SSRT080011
http://securitytracker.com/id?1015619
http://secunia.com/advisories/18828
http://secunia.com/advisories/18843
http://secunia.com/advisories/24516
http://secunia.com/advisories/29552
http://www.vupen.com/english/advisories/2006/0554
http://www.vupen.com/english/advisories/2006/0555
http://www.vupen.com/english/advisories/2008/1008/references
XForce ISS Database: sftp-logging-format-string(24651)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24651

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56349
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: ssh2, ssh2-nox11
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: ssh2 ssh2-nox11 CVE-2006-0705 Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0705 BugTraq ID: 16625 http://www.securityfocus.com/bid/16625 BugTraq ID: 16640 http://www.securityfocus.com/bid/16640 CERT/CC vulnerability note: VU#419241 http://www.kb.cert.org/vuls/id/419241 http://security.gentoo.org/glsa/glsa-200703-13.xml HPdes Security Advisory: HPSBTU02322 http://marc.info/?l=bugtraq&m=120654385125315&w=2 HPdes Security Advisory: SSRT080011 http://securitytracker.com/id?1015619 http://secunia.com/advisories/18828 http://secunia.com/advisories/18843 http://secunia.com/advisories/24516 http://secunia.com/advisories/29552 http://www.vupen.com/english/advisories/2006/0554 http://www.vupen.com/english/advisories/2006/0555 http://www.vupen.com/english/advisories/2008/1008/references XForce ISS Database: sftp-logging-format-string(24651) https://exchange.xforce.ibmcloud.com/vulnerabilities/24651
Copyright	Copyright (C) 2008 E-Soft Inc.