Test ID:	1.3.6.1.4.1.25623.1.0.60905
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:098 (openssh)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssh announced via advisory MDVSA-2008:098. A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~ /.ssh/rc (CVE-2008-1657). The updated packages have been patched to correct this issue. Affected: 2007.1, 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:098 Risk factor : High CVSS Score: 6.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1657 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html BugTraq ID: 28531 http://www.securityfocus.com/bid/28531 Bugtraq: 20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/490488/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:098 NETBSD Security Advisory: NetBSD-SA2008-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc OpenBSD Security Advisory: [4.3] 001: SECURITY FIX: March 30, 2008 http://www.openbsd.org/errata43.html#001_openssh http://www.securitytracker.com/id?1019733 http://secunia.com/advisories/29602 http://secunia.com/advisories/29609 http://secunia.com/advisories/29683 http://secunia.com/advisories/29693 http://secunia.com/advisories/29735 http://secunia.com/advisories/29939 http://secunia.com/advisories/30361 http://secunia.com/advisories/31531 http://secunia.com/advisories/31882 http://secunia.com/advisories/32080 http://secunia.com/advisories/32110 SuSE Security Announcement: SUSE-SR:2008:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://www.ubuntu.com/usn/usn-649-1 http://www.vupen.com/english/advisories/2008/1035/references http://www.vupen.com/english/advisories/2008/1624/references http://www.vupen.com/english/advisories/2008/2396 http://www.vupen.com/english/advisories/2008/2584 XForce ISS Database: openssh-forcecommand-command-execution(41549) https://exchange.xforce.ibmcloud.com/vulnerabilities/41549
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.