 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.61055 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-612-7 () |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to announced via advisory USN-612-7. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-612-7 Risk factor : High CVSS Score: 7.8 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-0166 BugTraq ID: 29179 http://www.securityfocus.com/bid/29179 Bugtraq: 20080515 Debian generated SSH-Keys working exploit (Google Search) http://www.securityfocus.com/archive/1/492112/100/0/threaded Cert/CC Advisory: TA08-137A http://www.us-cert.gov/cas/techalerts/TA08-137A.html CERT/CC vulnerability note: VU#925211 http://www.kb.cert.org/vuls/id/925211 Debian Security Information: DSA-1571 (Google Search) http://www.debian.org/security/2008/dsa-1571 Debian Security Information: DSA-1576 (Google Search) http://www.debian.org/security/2008/dsa-1576 https://www.exploit-db.com/exploits/5622 https://www.exploit-db.com/exploits/5632 https://www.exploit-db.com/exploits/5720 http://metasploit.com/users/hdm/tools/debian-openssl/ https://16years.secvuln.info https://news.ycombinator.com/item?id=40333169 http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel http://www.securitytracker.com/id?1020017 http://secunia.com/advisories/30136 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 http://www.ubuntu.com/usn/usn-612-1 http://www.ubuntu.com/usn/usn-612-2 http://www.ubuntu.com/usn/usn-612-3 http://www.ubuntu.com/usn/usn-612-4 http://www.ubuntu.com/usn/usn-612-7 XForce ISS Database: openssl-rng-weak-security(42375) https://exchange.xforce.ibmcloud.com/vulnerabilities/42375 |
| Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |