CentOS Local Security Checks : CentOS Update for openssh CESA-2012:0884 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881183

Categoría: CentOS Local Security Checks

Título: CentOS Update for openssh CESA-2012:0884 centos6

Resumen: The remote host is missing an update for the 'openssh'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'openssh'
package(s) announced via the referenced advisory.

Vulnerability Insight:
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These
packages include the core files necessary for the OpenSSH client and
server.

A denial of service flaw was found in the OpenSSH GSSAPI authentication
implementation. A remote, authenticated user could use this flaw to make
the OpenSSH server daemon (sshd) use an excessive amount of memory, leading
to a denial of service. GSSAPI authentication is enabled by default
('GSSAPIAuthentication yes' in '/etc/ssh/sshd_config'). (CVE-2011-5000)

These updated openssh packages also provide fixes for the following bugs:

* SSH X11 forwarding failed if IPv6 was enabled and the parameter
X11UseLocalhost was set to 'no'. Consequently, users could not set X
forwarding. This update fixes sshd and ssh to correctly bind the port for
the IPv6 protocol. As a result, X11 forwarding now works as expected with
IPv6. (BZ#732955)

* The sshd daemon was killed by the OOM killer when running a stress test.
Consequently, a user could not log in. With this update, the sshd daemon
sets its oom_adj value to -17. As a result, sshd is not chosen by OOM
killer and users are able to log in to solve problems with memory.
(BZ#744236)

* If the SSH server is configured with a banner that contains a backslash
character, then the client will escape it with another '\' character, so it
prints double backslashes. An upstream patch has been applied to correct
the problem and the SSH banner is now correctly displayed. (BZ#809619)

In addition, these updated openssh packages provide the following
enhancements:

* Previously, SSH allowed multiple ways of authentication of which only one
was required for a successful login. SSH can now be set up to require
multiple ways of authentication. For example, logging in to an SSH-enabled
machine requires both a passphrase and a public key to be entered. The
RequiredAuthentications1 and RequiredAuthentications2 options can be
configured in the /etc/ssh/sshd_config file to specify authentications that
are required for a successful login. For example, to set key and password
authentication for SSH version 2, type:

echo 'RequiredAuthentications2 publickey, password' >> /etc/ssh/sshd_config

For more information on the aforementioned /etc/ssh/sshd_config options,
refer to the sshd_config man page. (BZ#657378)

* Previously, OpenSSH could use the Advanced Encryption Standard New
Instructions (AES-NI) instruction set only with the AES Cipher-block
chaining (CBC) cipher. This update adds ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
openssh on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-5000
http://seclists.org/fulldisclosure/2011/Aug/2
http://site.pi3.com.pl/adv/ssh_1.txt
RedHat Security Advisories: RHSA-2012:0884
http://rhn.redhat.com/errata/RHSA-2012-0884.html

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881183
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for openssh CESA-2012:0884 centos6
Resumen:	The remote host is missing an update for the 'openssh'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the referenced advisory. Vulnerability Insight: OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon (sshd) use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default ('GSSAPIAuthentication yes' in '/etc/ssh/sshd_config'). (CVE-2011-5000) These updated openssh packages also provide fixes for the following bugs: * SSH X11 forwarding failed if IPv6 was enabled and the parameter X11UseLocalhost was set to 'no'. Consequently, users could not set X forwarding. This update fixes sshd and ssh to correctly bind the port for the IPv6 protocol. As a result, X11 forwarding now works as expected with IPv6. (BZ#732955) * The sshd daemon was killed by the OOM killer when running a stress test. Consequently, a user could not log in. With this update, the sshd daemon sets its oom_adj value to -17. As a result, sshd is not chosen by OOM killer and users are able to log in to solve problems with memory. (BZ#744236) * If the SSH server is configured with a banner that contains a backslash character, then the client will escape it with another '\' character, so it prints double backslashes. An upstream patch has been applied to correct the problem and the SSH banner is now correctly displayed. (BZ#809619) In addition, these updated openssh packages provide the following enhancements: * Previously, SSH allowed multiple ways of authentication of which only one was required for a successful login. SSH can now be set up to require multiple ways of authentication. For example, logging in to an SSH-enabled machine requires both a passphrase and a public key to be entered. The RequiredAuthentications1 and RequiredAuthentications2 options can be configured in the /etc/ssh/sshd_config file to specify authentications that are required for a successful login. For example, to set key and password authentication for SSH version 2, type: echo 'RequiredAuthentications2 publickey, password' >> /etc/ssh/sshd_config For more information on the aforementioned /etc/ssh/sshd_config options, refer to the sshd_config man page. (BZ#657378) * Previously, OpenSSH could use the Advanced Encryption Standard New Instructions (AES-NI) instruction set only with the AES Cipher-block chaining (CBC) cipher. This update adds ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: openssh on CentOS 6 Solution: Please install the updated packages. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-5000 http://seclists.org/fulldisclosure/2011/Aug/2 http://site.pi3.com.pl/adv/ssh_1.txt RedHat Security Advisories: RHSA-2012:0884 http://rhn.redhat.com/errata/RHSA-2012-0884.html
Copyright	Copyright (C) 2012 Greenbone AG