English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59405
Category:Fedora Local Security Checks
Title:Fedora Core 5 FEDORA-2006-1214 (openssh)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to openssh
announced via advisory FEDORA-2006-1214.

SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

Update Information:

Low severity security update.
* Fri Nov 10 2006 Tomas Mraz - 4.3p2-4.11
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
- kill all ssh sessions when stop is called in halt or reboot runlevel (#213008)
- remove -TERM option from killproc so we don't race on sshd restart (#213490)
* Mon Oct 2 2006 Tomas Mraz - 4.3p2-4.10
- improve gssapi-no-spnego patch (#208102)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
* Wed Sep 13 2006 Tomas Mraz - 4.3p2-4.1
- sync with FC6 version
- build for FC5
* Wed Aug 23 2006 Tomas Mraz - 4.3p2-9
- don't report duplicate syslog messages, use correct local time (#189158)
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856) (patch by HP)
* Tue Aug 8 2006 Tomas Mraz - 4.3p2-8
- drop the pam-session patch from the previous build (#201341)
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
* Thu Jul 20 2006 Tomas Mraz - 4.3p2-7
- dropped old ssh obsoletes
- call the pam_session_open/close from the monitor when privsep is
enabled so it is always called as root (patch by Darren Tucker)
* Mon Jul 17 2006 Tomas Mraz - 4.3p2-6
- improve selinux patch (by Jan Kiszka)
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab
keyboard input (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
* Wed Jul 12 2006 Jesse Keating - 4.3p2-5.1
- rebuild
* Fri Apr 14 2006 Tomas Mraz - 4.3p2-5
- don't request pseudoterminal allocation if stdin is not tty (#188983)

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-1214

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5794
BugTraq ID: 20956
http://www.securityfocus.com/bid/20956
Bugtraq: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server (Google Search)
http://www.securityfocus.com/archive/1/451100/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:204
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840
RedHat Security Advisories: RHSA-2006:0738
http://rhn.redhat.com/errata/RHSA-2006-0738.html
http://securitytracker.com/id?1017183
http://secunia.com/advisories/22771
http://secunia.com/advisories/22772
http://secunia.com/advisories/22773
http://secunia.com/advisories/22778
http://secunia.com/advisories/22814
http://secunia.com/advisories/22872
http://secunia.com/advisories/22932
http://secunia.com/advisories/23513
http://secunia.com/advisories/23680
http://secunia.com/advisories/24055
SGI Security Advisory: 20061201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
SuSE Security Announcement: SUSE-SR:2006:026 (Google Search)
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.vupen.com/english/advisories/2006/4399
http://www.vupen.com/english/advisories/2006/4400
XForce ISS Database: openssh-separation-verificaton-weakness(30120)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30120
Common Vulnerability Exposure (CVE) ID: CVE-2006-4924
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 20216
http://www.securityfocus.com/bid/20216
Bugtraq: 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server (Google Search)
http://www.securityfocus.com/archive/1/447153/100/0/threaded
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
CERT/CC vulnerability note: VU#787448
http://www.kb.cert.org/vuls/id/787448
Debian Security Information: DSA-1189 (Google Search)
http://www.debian.org/security/2006/dsa-1189
Debian Security Information: DSA-1212 (Google Search)
http://www.debian.org/security/2006/dsa-1212
FreeBSD Security Advisory: FreeBSD-SA-06:22.openssh
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
http://security.gentoo.org/glsa/glsa-200609-17.xml
http://security.gentoo.org/glsa/glsa-200611-06.xml
HPdes Security Advisory: HPSBUX02178
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
HPdes Security Advisory: SSRT061267
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
OpenBSD Security Advisory: [2.9] 015: SECURITY FIX: October 12, 2006
http://www.openbsd.org/errata.html#ssh
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
http://www.osvdb.org/29152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193
http://www.redhat.com/support/errata/RHSA-2006-0697.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
SCO Security Bulletin: SCOSA-2008.2
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
http://securitytracker.com/id?1016931
http://secunia.com/advisories/21923
http://secunia.com/advisories/22091
http://secunia.com/advisories/22116
http://secunia.com/advisories/22158
http://secunia.com/advisories/22164
http://secunia.com/advisories/22183
http://secunia.com/advisories/22196
http://secunia.com/advisories/22208
http://secunia.com/advisories/22236
http://secunia.com/advisories/22245
http://secunia.com/advisories/22270
http://secunia.com/advisories/22298
http://secunia.com/advisories/22352
http://secunia.com/advisories/22362
http://secunia.com/advisories/22487
http://secunia.com/advisories/22495
http://secunia.com/advisories/22823
http://secunia.com/advisories/22926
http://secunia.com/advisories/23038
http://secunia.com/advisories/23241
http://secunia.com/advisories/23340
http://secunia.com/advisories/24479
http://secunia.com/advisories/24799
http://secunia.com/advisories/24805
http://secunia.com/advisories/25608
http://secunia.com/advisories/29371
http://secunia.com/advisories/34274
SGI Security Advisory: 20061001-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
SuSE Security Announcement: SUSE-SA:2006:062 (Google Search)
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
SuSE Security Announcement: SUSE-SR:2006:024 (Google Search)
http://www.novell.com/linux/security/advisories/2006_24_sr.html
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-355-1
http://www.vupen.com/english/advisories/2006/3777
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2006/4869
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/1332
http://www.vupen.com/english/advisories/2007/2119
http://www.vupen.com/english/advisories/2009/0740
XForce ISS Database: openssh-block-dos(29158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
Common Vulnerability Exposure (CVE) ID: CVE-2006-5051
BugTraq ID: 20241
http://www.securityfocus.com/bid/20241
CERT/CC vulnerability note: VU#851340
http://www.kb.cert.org/vuls/id/851340
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
http://www.osvdb.org/29264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387
http://securitytracker.com/id?1016940
http://secunia.com/advisories/22173
http://www.vupen.com/english/advisories/2006/4018
http://www.vupen.com/english/advisories/2006/4329
XForce ISS Database: openssh-signal-handler-race-condition(29254)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.