ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2016.358.02
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2016-358-02)
Resumen:	The remote host is missing an update for the 'openssh' package(s) announced via the SSA:2016-358-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the SSA:2016-358-02 advisory. Vulnerability Insight: New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssh-7.4p1-i586-1_slack14.2.txz: Upgraded. This is primarily a bugfix release, and also addresses security issues. ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist. sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root'. sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc(). sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers to potentially allow attacks against the privileged monitor. process from the sandboxed privilege-separation process. sshd(8): Validate address ranges for AllowUser and DenyUsers directives at configuration load time and refuse to accept invalid ones. It was previously possible to specify invalid CIDR address ranges (e.g. user@127.1.2.3/55) and these would always match, possibly resulting in granting access where it was not intended. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'openssh' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10009 BugTraq ID: 94968 http://www.securityfocus.com/bid/94968 https://www.exploit-db.com/exploits/40963/ FreeBSD Security Advisory: FreeBSD-SA-17:01 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc http://seclists.org/fulldisclosure/2023/Jul/31 http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1009 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/9 http://www.openwall.com/lists/oss-security/2023/07/20/1 RedHat Security Advisories: RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029 http://www.securitytracker.com/id/1037490 https://usn.ubuntu.com/3538-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-10010 BugTraq ID: 94972 http://www.securityfocus.com/bid/94972 https://www.exploit-db.com/exploits/40962/ http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 Common Vulnerability Exposure (CVE) ID: CVE-2016-10011 BugTraq ID: 94977 http://www.securityfocus.com/bid/94977 Common Vulnerability Exposure (CVE) ID: CVE-2016-10012 BugTraq ID: 94975 http://www.securityfocus.com/bid/94975
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.