
Test ID: 1.3.6.1.4.1.25623.1.0.881646
Category: CentOS Local Security Checks
Title: CentOS Update for openssh CESA-2013:0519 centos6
Summary: The remote host is missing an update for the 'openssh' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These
packages include the core files necessary for the OpenSSH client and
server.

Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat
Enterprise Linux 6, glibc's error() function was called to report errors
rather than the error() function defined in pam_ssh_agent_auth itself. As
these two functions expect different arguments, it was possible for an
attacker to cause an application using pam_ssh_agent_auth to crash, disclose
portions of its memory or, potentially, execute arbitrary code.
(CVE-2012-5536)

Note that the pam_ssh_agent_auth module is not used in Red Hat Enterprise
Linux 6 by default.

This update also fixes the following bugs:

* All possible options for the new RequiredAuthentications directive were
not documented in the sshd_config man page. This update improves the man
page to document all the possible options. (BZ#821641)

* When stopping one instance of the SSH daemon (sshd), the sshd init script
(/etc/rc.d/init.d/sshd) stopped all sshd processes regardless of the PID of
the processes. This update improves the init script so that it only kills
processes with the relevant PID. As a result, the init script now works
more reliably in a multi-instance environment. (BZ#826720)

* Due to a regression, the ssh-copy-id command returned an exit status code
of zero even if there was an error in copying the key to a remote host.
With this update, a patch has been applied and ssh-copy-id now returns a
non-zero exit code if there is an error in copying the SSH certificate to a
remote host. (BZ#836650)

* When SELinux was disabled on the system, no on-disk policy was installed,
a user account was used for a connection, and no '~/.ssh' configuration was
present in that user's home directory, the SSH client terminated
unexpectedly with a segmentation fault when attempting to connect to
another system. A patch has been provided to address this issue and the
crashes no longer occur in the described scenario. (BZ#836655)

* The 'HOWTO' document /usr/share/doc/openssh-ldap-5.3p1/HOWTO.ldap-keys
incorrectly documented the use of the AuthorizedKeysCommand directive.
This update corrects the document. (BZ#857760)

This update also adds the following enhancements:

* When attempting to enable SSH for use with a Common Access Card (CAC),
the ssh-agent utility read all the certificates in the card even though
only the ID certificate was needed. Consequently, if a user entered their
PIN incorrectly, then t ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
openssh on CentOS 6

Solution:
Please install the updated packages.
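As an added example (not part of this test record and not Greenbone's NVT code), the following Python reproduces the comparison a local security check like this one performs: it parses `name-version-release` strings as printed by `rpm -q`, orders them with rpm's segment-wise version comparison (digit runs compare numerically, letter runs lexically, and a digit segment outranks a letter segment in the same position), and reports which installed openssh sub-packages are older than the fixed build. The `FIXED_RELEASE` value and the `rpm -q` output lines are constructed placeholders; the real fixed version must be taken from RHSA-2013:0519.

```python
import re

# Segments are runs of digits or runs of letters; any other character only separates.
_SEG = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings with rpm's ordering; returns -1, 0 or 1.

    Digit segments compare numerically, letter segments lexically, and a digit
    segment is newer than a letter segment at the same position (so
    84.1.el6 > 84.el6).  Tilde/caret pre-release markers are not handled;
    EL6-era packages did not use them.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif xd != yd:
            return 1 if xd else -1  # numeric beats alpha
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        # whichever side still has segments left is the newer one
        return -1 if len(sa) < len(sb) else 1
    return 0


def split_nevr(pkg):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    name, version, release = pkg.rsplit("-", 2)
    epoch = "0"
    if ":" in version:
        epoch, version = version.split(":", 1)
    return name, int(epoch), version, release


def needs_update(installed, fixed):
    """True when the installed package is strictly older than the fixed one."""
    n_i, e_i, v_i, r_i = split_nevr(installed)
    n_f, e_f, v_f, r_f = split_nevr(fixed)
    if n_i != n_f:
        raise ValueError("comparing different packages: %s vs %s" % (n_i, n_f))
    if e_i != e_f:
        return e_i < e_f
    c = rpmvercmp(v_i, v_f)
    if c != 0:
        return c < 0
    return rpmvercmp(r_i, r_f) < 0


def check_rpm_output(lines, fixed_release):
    """Map each installed 'rpm -q' line to whether it is below fixed_release.

    fixed_release is the version-release part only; every sub-package built
    from the same source RPM (openssh, openssh-server, openssh-clients, ...)
    shares it.  'package X is not installed' lines are skipped.
    """
    result = {}
    for line in lines:
        line = line.strip()
        if not line or (line.startswith("package ") and line.endswith("is not installed")):
            continue
        name = split_nevr(line)[0]
        result[line] = needs_update(line, "%s-%s" % (name, fixed_release))
    return result


# Constructed placeholder: NOT the real fixed build; take that from RHSA-2013:0519.
FIXED_RELEASE = "5.3p1-90.el6"

# Constructed sample output of: rpm -q openssh openssh-server openssh-clients openssh-ldap
SAMPLE_RPM_Q = """\
openssh-5.3p1-81.el6
openssh-server-5.3p1-81.el6
openssh-clients-5.3p1-104.el6_6.1
package openssh-ldap is not installed
"""

if __name__ == "__main__":
    for pkg, vulnerable in check_rpm_output(SAMPLE_RPM_Q.splitlines(), FIXED_RELEASE).items():
        print("%-40s %s" % (pkg, "UPDATE NEEDED" if vulnerable else "ok"))
```

On a real host, feed the output of `rpm -q openssh openssh-server openssh-clients openssh-ldap` into `check_rpm_output` with the version-release from the advisory; a package with a higher epoch or a later errata release (such as the constructed `104.el6_6.1` line) is correctly reported as not needing this update.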

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5536
RHSA-2013:0519
http://rhn.redhat.com/errata/RHSA-2013-0519.html
http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa
https://bugzilla.redhat.com/show_bug.cgi?id=834618
Copyright: Copyright (C) 2013 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.