Test ID:	1.3.6.1.4.1.25623.1.0.55656
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-208-1 (openssh)
Summary:	Ubuntu USN-208-1 (openssh)
Description:	The remote host is missing an update to openssh announced via advisory USN-208-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: openssh-server An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user. Please note that this does not affect the default configuration of the SSH server. Solution: The problem can be corrected by upgrading the affected package to version 1:3.8.1p1-11ubuntu3.2 (for Ubuntu 4.10), or 1:3.9p1-1ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-208-1 Risk factor : Medium
Cross-Ref:	BugTraq ID: 14729 Common Vulnerability Exposure (CVE) ID: CVE-2005-2798 http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html HPdes Security Advisory: HPSBUX02090 http://www.securityfocus.com/archive/1/archive/1/421411/100/0/threaded HPdes Security Advisory: SSRT051058 http://www.mandriva.com/security/advisories?name=MDKSA-2005:172 http://www.redhat.com/support/errata/RHSA-2005-527.html SCO Security Bulletin: SCOSA-2005.53 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt SuSE Security Announcement: SUSE-SR:2006:003 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html http://www.ubuntulinux.org/support/documentation/usn/usn-209-1 http://www.securityfocus.com/bid/14729 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9717 http://www.vupen.com/english/advisories/2006/0144 http://www.osvdb.org/19141 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1345 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1566 http://securitytracker.com/id?1014845 http://secunia.com/advisories/16686 http://secunia.com/advisories/18010 http://secunia.com/advisories/18406 http://secunia.com/advisories/17077 http://secunia.com/advisories/17245 http://secunia.com/advisories/18717 http://secunia.com/advisories/18507 http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm XForce ISS Database: hpux-secure-shell-dos(24064) http://xforce.iss.net/xforce/xfdb/24064
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: