Test ID:	1.3.6.1.4.1.25623.1.0.840300
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-612-5)
Summary:	The remote host is missing an update for the 'openssh' package(s) announced via the USN-612-5 advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the USN-612-5 advisory. Vulnerability Insight: Matt Zimmerman discovered that entries in ~ /.ssh/authorized_keys with options (such as 'no-port-forwarding' or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. This update also adds more information to ssh-vulnkey's manual page. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. Affected Software/OS: 'openssh' package(s) on Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2285 http://www.ubuntu.com/usn/usn-612-5 XForce ISS Database: sshvulnkey-authorizedkeys-weak-security(42568) https://exchange.xforce.ibmcloud.com/vulnerabilities/42568
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.