 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.64992 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2009:1470 |
| Resumen: | The remote host is missing updates announced in;advisory RHSA-2009:1470.;;OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These;packages include the core files necessary for both the OpenSSH client and;server.;;A Red Hat specific patch used in the openssh packages as shipped in Red;Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership;requirements for directories used as arguments for the ChrootDirectory;configuration options. A malicious user that also has or previously had;non-chroot shell access to a system could possibly use this flaw to;escalate their privileges and run commands as any system user.;(CVE-2009-2904);;All OpenSSH users are advised to upgrade to these updated packages, which;contain a backported patch to resolve this issue. After installing this;update, the OpenSSH server daemon (sshd) will be restarted automatically. |
| Descripción: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1470. OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904) All OpenSSH users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2904 36552 http://www.securityfocus.com/bid/36552 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 39182 http://secunia.com/advisories/39182 58495 http://osvdb.org/58495 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 FEDORA-2010-5429 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html RHSA-2009:1470 https://rhn.redhat.com/errata/RHSA-2009-1470.html [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://bugzilla.redhat.com/show_bug.cgi?id=522141 oval:org.mitre.oval:def:9862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |