Test ID: 1.3.6.1.4.1.25623.1.0.60840
Category: FreeBSD Local Security Checks
Title: FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
Summary: FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
Description: The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-08:05.openssh.asc

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access. The OpenSSH server daemon (sshd)
provides support for the X11 protocol by binding to a port on the
server and forwarding any connections which are made to that port.

When logging in via SSH with X11-forwarding enabled, sshd(8) fails to
correctly handle the case where it fails to bind to an IPv4 port but
successfully binds to an IPv6 port. In this case, applications which
use X11 will connect to the IPv4 port, even though it had not been
bound by sshd(8) and is therefore not being securely forwarded.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-08:05.openssh.asc
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1483
Bugtraq: 20080325 rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server
http://www.securityfocus.com/archive/1/archive/1/490054/100/0/threaded
http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Cisco Security Advisory: 20130220 OpenSSH Forwarded X Connection Session Hijack Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2008-1483
Debian Security Information: DSA-1576
http://www.debian.org/security/2008/dsa-1576
FreeBSD Security Advisory: FreeBSD-SA-08:05
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc
http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml
HP Security Advisory: HPSBUX02337
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01462841
HP Security Advisory: SSRT080072
http://www.mandriva.com/security/advisories?name=MDVSA-2008:078
NetBSD Security Advisory: NetBSD-SA2008-005
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.540188
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237444-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019235.1-1
SuSE Security Announcement: SUSE-SR:2008:009
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html
http://www.ubuntulinux.org/support/documentation/usn/usn-597-1
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
BugTraq ID: 28444
http://www.securityfocus.com/bid/28444
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6085
http://secunia.com/advisories/30347
http://www.vupen.com/english/advisories/2008/0994/references
http://www.vupen.com/english/advisories/2008/1124/references
http://www.vupen.com/english/advisories/2008/1123/references
http://www.vupen.com/english/advisories/2008/1526/references
http://www.vupen.com/english/advisories/2008/1624/references
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2008/2396
http://www.vupen.com/english/advisories/2008/1448/references
http://www.securitytracker.com/id?1019707
http://secunia.com/advisories/29522
http://secunia.com/advisories/29537
http://secunia.com/advisories/29554
http://secunia.com/advisories/29626
http://secunia.com/advisories/29676
http://secunia.com/advisories/29683
http://secunia.com/advisories/29686
http://secunia.com/advisories/29735
http://secunia.com/advisories/29721
http://secunia.com/advisories/29939
http://secunia.com/advisories/29873
http://secunia.com/advisories/30249
http://secunia.com/advisories/30361
http://secunia.com/advisories/30230
http://secunia.com/advisories/31531
http://secunia.com/advisories/31882
http://secunia.com/advisories/30086
http://www.vupen.com/english/advisories/2008/1630/references
XForce ISS Database: openssh-sshd-session-hijacking(41438)
http://xforce.iss.net/xforce/xfdb/41438
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.