English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.57493
Categoría:Trustix Local Security Checks
Título:Trustix Security Advisory TSLSA-2006-0054 (openssh, openssl)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0054.

openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy of Google Security Team has reported a
vulnerability in OpenSSH, which can be exploited by malicious people
to cause a DoS. If ssh protocol 1 is enabled, this can be exploited
to cause a DoS due to CPU consumption by sending specially crafted
ssh packets.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-4924 to this issue.

openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities in
OpenSSL which could be exploited by attackers to cause denial of
service.
- During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory.
- Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack.
- Tavis Ormandy and Will Drewry of the Google Security Team has
discovered the following two vulnerabilities in OpenSSL :
- Fix buffer overflow in SSL_get_shared_ciphers() utility function
which could allow an attacker to send a list of ciphers to an
application that uses it and overrun a buffer.
- A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a
malicious server, that server could cause the client to crash.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738
and CVE-2006-4343 to these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0054

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4924
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 20216
http://www.securityfocus.com/bid/20216
Bugtraq: 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server (Google Search)
http://www.securityfocus.com/archive/1/447153/100/0/threaded
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
CERT/CC vulnerability note: VU#787448
http://www.kb.cert.org/vuls/id/787448
Debian Security Information: DSA-1189 (Google Search)
http://www.debian.org/security/2006/dsa-1189
Debian Security Information: DSA-1212 (Google Search)
http://www.debian.org/security/2006/dsa-1212
FreeBSD Security Advisory: FreeBSD-SA-06:22.openssh
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
http://security.gentoo.org/glsa/glsa-200609-17.xml
http://security.gentoo.org/glsa/glsa-200611-06.xml
HPdes Security Advisory: HPSBUX02178
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
HPdes Security Advisory: SSRT061267
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
OpenBSD Security Advisory: [2.9] 015: SECURITY FIX: October 12, 2006
http://www.openbsd.org/errata.html#ssh
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
http://www.osvdb.org/29152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193
http://www.redhat.com/support/errata/RHSA-2006-0697.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
SCO Security Bulletin: SCOSA-2008.2
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
http://securitytracker.com/id?1016931
http://secunia.com/advisories/21923
http://secunia.com/advisories/22091
http://secunia.com/advisories/22116
http://secunia.com/advisories/22158
http://secunia.com/advisories/22164
http://secunia.com/advisories/22183
http://secunia.com/advisories/22196
http://secunia.com/advisories/22208
http://secunia.com/advisories/22236
http://secunia.com/advisories/22245
http://secunia.com/advisories/22270
http://secunia.com/advisories/22298
http://secunia.com/advisories/22352
http://secunia.com/advisories/22362
http://secunia.com/advisories/22487
http://secunia.com/advisories/22495
http://secunia.com/advisories/22823
http://secunia.com/advisories/22926
http://secunia.com/advisories/23038
http://secunia.com/advisories/23241
http://secunia.com/advisories/23340
http://secunia.com/advisories/23680
http://secunia.com/advisories/24479
http://secunia.com/advisories/24799
http://secunia.com/advisories/24805
http://secunia.com/advisories/25608
http://secunia.com/advisories/29371
http://secunia.com/advisories/34274
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
SuSE Security Announcement: SUSE-SA:2006:062 (Google Search)
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
SuSE Security Announcement: SUSE-SR:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-355-1
http://www.vupen.com/english/advisories/2006/3777
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4869
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/1332
http://www.vupen.com/english/advisories/2007/2119
http://www.vupen.com/english/advisories/2009/0740
XForce ISS Database: openssh-block-dos(29158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
Common Vulnerability Exposure (CVE) ID: CVE-2006-2937
1016943
http://securitytracker.com/id?1016943
102668
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
102747
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
200585
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1
2006-0054
20060928 [SECURITY] OpenSSL 0.9.8d and 0.9.7l released
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html
20060928 rPSA-2006-0175-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447318/100/0/threaded
20060929 rPSA-2006-0175-2 openssl openssl-scripts
http://www.securityfocus.com/archive/1/447393/100/0/threaded
20061001-01-P
20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
201534
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
20248
http://www.securityfocus.com/bid/20248
22094
http://secunia.com/advisories/22094
22116
22130
http://secunia.com/advisories/22130
22165
http://secunia.com/advisories/22165
22166
http://secunia.com/advisories/22166
22172
http://secunia.com/advisories/22172
22186
http://secunia.com/advisories/22186
22193
http://secunia.com/advisories/22193
22207
http://secunia.com/advisories/22207
22212
http://secunia.com/advisories/22212
22216
http://secunia.com/advisories/22216
22220
http://secunia.com/advisories/22220
22240
http://secunia.com/advisories/22240
22259
http://secunia.com/advisories/22259
22260
http://secunia.com/advisories/22260
22284
http://secunia.com/advisories/22284
22298
22330
http://secunia.com/advisories/22330
22385
http://secunia.com/advisories/22385
22460
http://secunia.com/advisories/22460
22487
22544
http://secunia.com/advisories/22544
22626
http://secunia.com/advisories/22626
22671
http://secunia.com/advisories/22671
22758
http://secunia.com/advisories/22758
22772
http://secunia.com/advisories/22772
22799
http://secunia.com/advisories/22799
23038
23131
http://secunia.com/advisories/23131
23155
http://secunia.com/advisories/23155
23280
http://secunia.com/advisories/23280
23309
http://secunia.com/advisories/23309
23340
23351
http://secunia.com/advisories/23351
23680
23915
http://secunia.com/advisories/23915
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25889
http://secunia.com/advisories/25889
26329
http://secunia.com/advisories/26329
28276
http://www.securityfocus.com/bid/28276
29260
http://www.osvdb.org/29260
30124
http://secunia.com/advisories/30124
31492
http://secunia.com/advisories/31492
31531
http://secunia.com/advisories/31531
ADV-2006-3820
http://www.vupen.com/english/advisories/2006/3820
ADV-2006-3860
http://www.vupen.com/english/advisories/2006/3860
ADV-2006-3869
http://www.vupen.com/english/advisories/2006/3869
ADV-2006-3902
http://www.vupen.com/english/advisories/2006/3902
ADV-2006-3936
http://www.vupen.com/english/advisories/2006/3936
ADV-2006-4019
http://www.vupen.com/english/advisories/2006/4019
ADV-2006-4036
http://www.vupen.com/english/advisories/2006/4036
ADV-2006-4264
http://www.vupen.com/english/advisories/2006/4264
ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4327
ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4329
ADV-2006-4401
ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4417
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2006-4761
http://www.vupen.com/english/advisories/2006/4761
ADV-2006-4980
http://www.vupen.com/english/advisories/2006/4980
ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0343
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2008-0905
http://www.vupen.com/english/advisories/2008/0905/references
ADV-2008-2396
http://www.vupen.com/english/advisories/2008/2396
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
DSA-1185
http://www.debian.org/security/2006/dsa-1185
FreeBSD-SA-06:23.openssl
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc
GLSA-200610-11
http://security.gentoo.org/glsa/glsa-200610-11.xml
GLSA-200612-11
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02174
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
MDKSA-2006:172
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172
MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenPKG-SA-2006.021
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html
RHSA-2006:0695
http://www.redhat.com/support/errata/RHSA-2006-0695.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SSA:2006-272-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946
SSRT061213
SSRT061239
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:058
http://www.novell.com/linux/security/advisories/2006_58_openssl.html
SUSE-SR:2006:024
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-353-1
http://www.ubuntu.com/usn/usn-353-1
VU#247744
http://www.kb.cert.org/vuls/id/247744
[3.9] 20061007 013: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#openssl2
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bind-announce&m=116253119512445&w=2
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://issues.rpath.com/browse/RPL-613
http://kolab.org/security/kolab-vendor-notice-11.txt
http://openvpn.net/changelog.html
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.arkoon.fr/upload/alertes/37AK-2006-06-FR-1.1_FAST360_OPENSSL_ASN1.pdf
http://www.arkoon.fr/upload/alertes/41AK-2006-08-FR-1.1_SSL360_OPENSSL_ASN1.pdf
http://www.f-secure.com/security/fsc-2006-6.shtml
http://www.openssl.org/news/secadv_20060928.txt
http://www.serv-u.com/releasenotes/
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf
openssl-asn1-error-dos(29228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29228
oval:org.mitre.oval:def:10560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10560
Common Vulnerability Exposure (CVE) ID: CVE-2006-2940
1017522
http://securitytracker.com/id?1017522
20247
http://www.securityfocus.com/bid/20247
22083
http://www.securityfocus.com/bid/22083
22500
http://secunia.com/advisories/22500
23794
http://secunia.com/advisories/23794
26893
http://secunia.com/advisories/26893
29261
http://www.osvdb.org/29261
DSA-1195
http://www.debian.org/security/2006/dsa-1195
USN-353-2
http://www.ubuntu.com/usn/usn-353-2
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en
https://issues.rpath.com/browse/RPL-1633
openssl-publickey-dos(29230)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29230
oval:org.mitre.oval:def:10311
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10311
Common Vulnerability Exposure (CVE) ID: CVE-2006-3738
102711
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
20070602 Recent OpenSSL exploits
http://www.securityfocus.com/archive/1/470460/100/0/threaded
201531
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1
20249
http://www.securityfocus.com/bid/20249
22633
http://secunia.com/advisories/22633
22654
http://secunia.com/advisories/22654
22791
http://secunia.com/advisories/22791
29262
http://www.osvdb.org/29262
30161
http://secunia.com/advisories/30161
ADV-2006-4314
http://www.vupen.com/english/advisories/2006/4314
ADV-2006-4443
http://www.vupen.com/english/advisories/2006/4443
FreeBSD-SA-06:23
GLSA-200805-07
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
VU#547300
http://www.kb.cert.org/vuls/id/547300
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=498093&RenditionID=&poid=8881
openssl-sslgetsharedciphers-bo(29237)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29237
oval:org.mitre.oval:def:4256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4256
oval:org.mitre.oval:def:9370
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370
Common Vulnerability Exposure (CVE) ID: CVE-2006-4343
20246
http://www.securityfocus.com/bid/20246
25420
http://secunia.com/advisories/25420
29263
http://www.osvdb.org/29263
4773
https://www.exploit-db.com/exploits/4773
ADV-2007-1973
http://www.vupen.com/english/advisories/2007/1973
VU#386964
http://www.kb.cert.org/vuls/id/386964
http://www.ingate.com/relnote-452.php
openssl-sslv2-client-dos(29240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240
oval:org.mitre.oval:def:10207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207
oval:org.mitre.oval:def:4356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.