 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.57572 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2006:0738 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2006:0738. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An authentication flaw was found in OpenSSH's privilege separation monitor. If it ever becomes possible to alter the behavior of the unprivileged process when OpenSSH is using privilege separation, an attacker may then be able to login without possessing proper credentials. (CVE-2006-5794) Please note that this flaw by itself poses no direct threat to OpenSSH users. Without another security flaw that could allow an attacker to alter the behavior of OpenSSH's unprivileged process, this flaw cannot be exploited. There are currently no known flaws to exploit this behavior. However, we have decided to issue this erratum to fix this flaw to reduce the security impact if an unprivileged process flaw is ever found. Users of openssh should upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0738.html http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-5794 BugTraq ID: 20956 http://www.securityfocus.com/bid/20956 Bugtraq: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/451100/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 RedHat Security Advisories: RHSA-2006:0738 http://rhn.redhat.com/errata/RHSA-2006-0738.html http://securitytracker.com/id?1017183 http://secunia.com/advisories/22771 http://secunia.com/advisories/22772 http://secunia.com/advisories/22773 http://secunia.com/advisories/22778 http://secunia.com/advisories/22814 http://secunia.com/advisories/22872 http://secunia.com/advisories/22932 http://secunia.com/advisories/23513 http://secunia.com/advisories/23680 http://secunia.com/advisories/24055 SGI Security Advisory: 20061201-01-P ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.vupen.com/english/advisories/2006/4399 http://www.vupen.com/english/advisories/2006/4400 XForce ISS Database: openssh-separation-verificaton-weakness(30120) https://exchange.xforce.ibmcloud.com/vulnerabilities/30120 |
| Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |