Test ID:	1.3.6.1.4.1.25623.1.0.55656
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-208-1 (openssh)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssh announced via advisory USN-208-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: openssh-server An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an untrusted user. Please note that this does not affect the default configuration of the SSH server. Solution: The problem can be corrected by upgrading the affected package to version 1:3.8.1p1-11ubuntu3.2 (for Ubuntu 4.10), or 1:3.9p1-1ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-208-1 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 14729 Common Vulnerability Exposure (CVE) ID: CVE-2005-2798 1014845 http://securitytracker.com/id?1014845 14729 http://www.securityfocus.com/bid/14729 16686 http://secunia.com/advisories/16686 17077 http://secunia.com/advisories/17077 17245 http://secunia.com/advisories/17245 18010 http://secunia.com/advisories/18010 18406 http://secunia.com/advisories/18406 18507 http://secunia.com/advisories/18507 18661 http://secunia.com/advisories/18661 18717 http://secunia.com/advisories/18717 19141 http://www.osvdb.org/19141 ADV-2006-0144 http://www.vupen.com/english/advisories/2006/0144 HPSBUX02090 http://www.securityfocus.com/archive/1/421411/100/0/threaded MDKSA-2005:172 http://www.mandriva.com/security/advisories?name=MDKSA-2005:172 RHSA-2005:527 http://www.redhat.com/support/errata/RHSA-2005-527.html SCOSA-2005.53 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt SSRT051058 SUSE-SR:2006:003 http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html USN-209-1 https://usn.ubuntu.com/209-1/ [openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html hpux-secure-shell-dos(24064) https://exchange.xforce.ibmcloud.com/vulnerabilities/24064 http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm oval:org.mitre.oval:def:1345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345 oval:org.mitre.oval:def:1566 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566 oval:org.mitre.oval:def:9717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.