English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55548
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2005:172 (openssh)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to openssh
announced via advisory MDKSA-2005:172.

Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled,
allows GSSAPI credentials to be delegated to clients who log in using
non-GSSAPI methods, which could cause those credentials to be exposed
to untrusted users or hosts.

GSSAPI is only enabled in versions of openssh shipped in LE2005 and
greater.

The updated packages have been patched to correct this issue.

Affected versions: 10.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: BugTraq ID: 14729
Common Vulnerability Exposure (CVE) ID: CVE-2005-2798
1014845
http://securitytracker.com/id?1014845
14729
http://www.securityfocus.com/bid/14729
16686
http://secunia.com/advisories/16686
17077
http://secunia.com/advisories/17077
17245
http://secunia.com/advisories/17245
18010
http://secunia.com/advisories/18010
18406
http://secunia.com/advisories/18406
18507
http://secunia.com/advisories/18507
18661
http://secunia.com/advisories/18661
18717
http://secunia.com/advisories/18717
19141
http://www.osvdb.org/19141
ADV-2006-0144
http://www.vupen.com/english/advisories/2006/0144
HPSBUX02090
http://www.securityfocus.com/archive/1/421411/100/0/threaded
MDKSA-2005:172
http://www.mandriva.com/security/advisories?name=MDKSA-2005:172
RHSA-2005:527
http://www.redhat.com/support/errata/RHSA-2005-527.html
SCOSA-2005.53
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
SSRT051058
SUSE-SR:2006:003
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
USN-209-1
https://usn.ubuntu.com/209-1/
[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
hpux-secure-shell-dos(24064)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
oval:org.mitre.oval:def:1345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345
oval:org.mitre.oval:def:1566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566
oval:org.mitre.oval:def:9717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.