 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.57572 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2006:0738 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2006:0738. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An authentication flaw was found in OpenSSH's privilege separation monitor. If it ever becomes possible to alter the behavior of the unprivileged process when OpenSSH is using privilege separation, an attacker may then be able to login without possessing proper credentials. (CVE-2006-5794) Please note that this flaw by itself poses no direct threat to OpenSSH users. Without another security flaw that could allow an attacker to alter the behavior of OpenSSH's unprivileged process, this flaw cannot be exploited. There are currently no known flaws to exploit this behavior. However, we have decided to issue this erratum to fix this flaw to reduce the security impact if an unprivileged process flaw is ever found. Users of openssh should upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0738.html http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-5794 BugTraq ID: 20956 http://www.securityfocus.com/bid/20956 Bugtraq: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/451100/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 RedHat Security Advisories: RHSA-2006:0738 http://rhn.redhat.com/errata/RHSA-2006-0738.html http://securitytracker.com/id?1017183 http://secunia.com/advisories/22771 http://secunia.com/advisories/22772 http://secunia.com/advisories/22773 http://secunia.com/advisories/22778 http://secunia.com/advisories/22814 http://secunia.com/advisories/22872 http://secunia.com/advisories/22932 http://secunia.com/advisories/23513 http://secunia.com/advisories/23680 http://secunia.com/advisories/24055 SGI Security Advisory: 20061201-01-P ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.vupen.com/english/advisories/2006/4399 http://www.vupen.com/english/advisories/2006/4400 XForce ISS Database: openssh-separation-verificaton-weakness(30120) https://exchange.xforce.ibmcloud.com/vulnerabilities/30120 |
| Copyright | Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |