Test ID:	1.3.6.1.4.1.25623.1.0.122637
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2007-0540)
Summary:	The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2007-0540 advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2007-0540 advisory. Vulnerability Insight: [4.3p2-24] - fixed audit log injection problem (CVE-2007-3102) (#248059) [4.3p2-23] - document where the nss certificate and token dbs are looked for [4.3p2-22] - experimental support for PKCS#11 tokens through libnss3 (#183423) [4.3p2-21] - fix an information leak in Kerberos password authentication (CVE-2006-5052) (#234638) - correctly setup context when empty level requested (#234951) [4.3p2-20] - and always request default level as returned by getseuserbyname (#231695) [4.3p2-19] - check requested level context against a context with the same role (#231695) [4.3p2-18] - reject connection if requested mls range is not obtained (#229278) [4.3p2-17] - allow selecting non-default roles and audit role changes (#227733) Affected Software/OS: 'openssh' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5052 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 20245 http://www.securityfocus.com/bid/20245 Bugtraq: 20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/447861/100/200/threaded Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html http://security.gentoo.org/glsa/glsa-200611-06.xml http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://www.osvdb.org/29266 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178 RedHat Security Advisories: RHSA-2006:0697 http://rhn.redhat.com/errata/RHSA-2006-0697.html http://www.redhat.com/support/errata/RHSA-2007-0540.html http://www.redhat.com/support/errata/RHSA-2007-0703.html http://securitytracker.com/id?1016939 http://secunia.com/advisories/22158 http://secunia.com/advisories/22173 http://secunia.com/advisories/22495 http://secunia.com/advisories/22823 http://secunia.com/advisories/24479 http://secunia.com/advisories/27588 http://secunia.com/advisories/28320 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 SuSE Security Announcement: SUSE-SA:2006:062 (Google Search) http://www.novell.com/linux/security/advisories/2006_62_openssh.html http://www.vupen.com/english/advisories/2007/0930 XForce ISS Database: openssh-gssapi-user-enumeration(29255) https://exchange.xforce.ibmcloud.com/vulnerabilities/29255 Common Vulnerability Exposure (CVE) ID: CVE-2007-3102 BugTraq ID: 26097 http://www.securityfocus.com/bid/26097 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html https://bugzilla.redhat.com/show_bug.cgi?id=248059 http://osvdb.org/39214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124 http://www.redhat.com/support/errata/RHSA-2007-0555.html http://www.redhat.com/support/errata/RHSA-2007-0737.html http://secunia.com/advisories/27235 http://secunia.com/advisories/27590 http://secunia.com/advisories/28319
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.