Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2009-1287)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.122441
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2009-1287)
Summary:	The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2009-1287 advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2009-1287 advisory. Vulnerability Insight: [4.3p2-36] - tiny change in chroot sftp capability into openssh-server solve ls speed problem (#440240) [4.3p2-35] - workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 (#502230) [4.3p2-34] - disable protocol 1 in the FIPS mode [4.3p2-33] - fix scp hangup on exit (#454812) - call integrity checks only on binaries which are part of the OpenSSH FIPS modules [4.3p2-32] - log if FIPS mode is initialized (#492363) - check the integrity of the binaries in the FIPS mode (#467268) [4.3p2-31] - fix ssh hangup on exit (#454812) [4.3p2-30] - add chroot sftp capability into openssh-server (#440240) Affected Software/OS: 'openssh' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5161 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 32319 http://www.securityfocus.com/bid/32319 Bugtraq: 20081121 OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498558/100/0/threaded Bugtraq: 20081123 Revised: OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498579/100/0/threaded CERT/CC vulnerability note: VU#958563 http://www.kb.cert.org/vuls/id/958563 HPdes Security Advisory: HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPdes Security Advisory: SSRT090062 http://isc.sans.org/diary.html?storyid=5366 http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt http://osvdb.org/49872 http://osvdb.org/50035 http://osvdb.org/50036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 RedHat Security Advisories: RHSA-2009:1287 http://rhn.redhat.com/errata/RHSA-2009-1287.html http://www.securitytracker.com/id?1021235 http://www.securitytracker.com/id?1021236 http://www.securitytracker.com/id?1021382 http://secunia.com/advisories/32740 http://secunia.com/advisories/32760 http://secunia.com/advisories/32833 http://secunia.com/advisories/33121 http://secunia.com/advisories/33308 http://secunia.com/advisories/34857 http://secunia.com/advisories/36558 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1 http://www.vupen.com/english/advisories/2008/3172 http://www.vupen.com/english/advisories/2008/3173 http://www.vupen.com/english/advisories/2008/3409 http://www.vupen.com/english/advisories/2009/1135 http://www.vupen.com/english/advisories/2009/3184 XForce ISS Database: openssh-sshtectia-cbc-info-disclosure(46620) https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Copyright	Copyright (C) 2015 Greenbone AG