Test ID:	1.3.6.1.4.1.25623.1.0.60146
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-566-1 (openssh)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssh announced via advisory USN-566-1. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-client 1:4.2p1-7ubuntu3.2 Ubuntu 6.10: openssh-client 1:4.3p2-5ubuntu1.1 Ubuntu 7.04: openssh-client 1:4.3p2-8ubuntu1.1 Ubuntu 7.10: openssh-client 1:4.6p1-5ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-566-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4752 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BugTraq ID: 25628 http://www.securityfocus.com/bid/25628 Bugtraq: 20070917 FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass (Google Search) http://www.securityfocus.com/archive/1/479760/100/0/threaded Bugtraq: 20071115 Re: HPSBUX02287 SSRT071485 rev.1 - HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges (Google Search) http://www.securityfocus.com/archive/1/483748/100/200/threaded Debian Security Information: DSA-1576 (Google Search) http://www.debian.org/security/2008/dsa-1576 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html http://security.gentoo.org/glsa/glsa-200711-02.xml HPdes Security Advisory: HPSBUX02287 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01271085 HPdes Security Advisory: SSRT071485 http://www.mandriva.com/security/advisories?name=MDKSA-2007:236 https://bugzilla.redhat.com/show_bug.cgi?id=280471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5599 http://www.redhat.com/support/errata/RHSA-2008-0855.html http://secunia.com/advisories/27399 http://secunia.com/advisories/29420 http://secunia.com/advisories/30249 http://secunia.com/advisories/31575 http://secunia.com/advisories/32241 http://securityreason.com/securityalert/3126 SuSE Security Announcement: SUSE-SR:2007:022 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://www.ubuntu.com/usn/usn-566-1 http://www.vupen.com/english/advisories/2007/3156 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/2821 XForce ISS Database: openssh-x11cookie-privilege-escalation(36637) https://exchange.xforce.ibmcloud.com/vulnerabilities/36637
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.