ID de Prueba:	1.3.6.1.4.1.25623.1.0.56370
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0044
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0044. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0225 to this issue. The following issue has also been fixed in this update: * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. Additionally, this update implements auditing of user logins through the system audit service. All users of openssh should upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0044.html Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	BugTraq ID: 16369 Common Vulnerability Exposure (CVE) ID: CVE-2006-0225 1015540 http://securitytracker.com/id?1015540 102961 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1 16369 http://www.securityfocus.com/bid/16369 18579 http://secunia.com/advisories/18579 18595 http://secunia.com/advisories/18595 18650 http://secunia.com/advisories/18650 18736 http://secunia.com/advisories/18736 18798 http://secunia.com/advisories/18798 18850 http://secunia.com/advisories/18850 18910 http://secunia.com/advisories/18910 18964 http://secunia.com/advisories/18964 18969 http://secunia.com/advisories/18969 18970 http://secunia.com/advisories/18970 19159 http://secunia.com/advisories/19159 2006-0004 http://www.trustix.org/errata/2006/0004 20060212 [3.8] 005: SECURITY FIX: February 12, 2006 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch 20060703-01-P ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc 20723 http://secunia.com/advisories/20723 21129 http://secunia.com/advisories/21129 21262 http://secunia.com/advisories/21262 21492 http://secunia.com/advisories/21492 21724 http://secunia.com/advisories/21724 22196 http://secunia.com/advisories/22196 22692 http://www.osvdb.org/22692 23241 http://secunia.com/advisories/23241 23340 http://secunia.com/advisories/23340 23680 http://secunia.com/advisories/23680 24479 http://secunia.com/advisories/24479 25607 http://secunia.com/advisories/25607 25936 http://secunia.com/advisories/25936 462 http://securityreason.com/securityalert/462 ADV-2006-0306 http://www.vupen.com/english/advisories/2006/0306 ADV-2006-2490 http://www.vupen.com/english/advisories/2006/2490 ADV-2006-4869 http://www.vupen.com/english/advisories/2006/4869 ADV-2007-0930 http://www.vupen.com/english/advisories/2007/0930 ADV-2007-2120 http://www.vupen.com/english/advisories/2007/2120 APPLE-SA-2007-03-13 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html FEDORA-2006-056 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html FLSA-2006:168935 http://www.securityfocus.com/archive/1/425397/100/0/threaded GLSA-200602-11 http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml HPSBUX02178 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 MDKSA-2006:034 http://www.mandriva.com/security/advisories?name=MDKSA-2006:034 OpenPKG-SA-2006.003 http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html RHSA-2006:0044 http://www.redhat.com/support/errata/RHSA-2006-0044.html RHSA-2006:0298 http://www.redhat.com/support/errata/RHSA-2006-0298.html RHSA-2006:0698 http://www.redhat.com/support/errata/RHSA-2006-0698.html SSA:2006-045-06 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802 SSRT061267 SUSE-SA:2006:008 http://www.novell.com/linux/security/advisories/2006_08_openssh.html TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html USN-255-1 http://www.ubuntu.com/usn/usn-255-1 http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026 openssh-scp-command-execution(24305) https://exchange.xforce.ibmcloud.com/vulnerabilities/24305 oval:org.mitre.oval:def:1138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138 oval:org.mitre.oval:def:9962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.