|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2006-0298: openssh Vulnerability Assessment Details
|
RHSA-2006-0298: openssh |
||
Check for the version of the openssh packages Detailed Explanation for this Vulnerability Assessment Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. (CVE-2006-0225) The SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, permits remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386) The following issues have also been fixed in this update: * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. * When privilege separation was enabled, the last login message was printed only for the root user. * The sshd daemon was sending messages to the system log from a signal handler when debug logging was enabled. This could cause a deadlock of the user's connection. All users of openssh should upgrade to these updated packages, which resolve these issues. Solution : http://rhn.redhat.com/errata/RHSA-2006-0298.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
SUN Blade X6250 Server 8GB RAM DUAL PROCESSORS 594-4531-01
$109.99
Dell PowerEdge FX2 FX2S Enclosure - 4x PowerEdge FC640 w/ 8x Gold 6132 112C 1TB
$2699.99
Dell PowerEdge FX2 FX2S Enclosure - 4x PowerEdge FC640 w/ 8x Gold 6134 64C 1TB
$3299.99
SuperMicro X8DTT-HF+ WITH ONE XEON X5650 +24GB RAM FOR CSE-827HD-R1400B
$124.99
DELL M630 BLADE SERVER x2 XEON E5-2660V3 @ 2.6GH H730 PERC HDD CADDIES 16GB FC
$50.00
2 x HP ProLiant BL460c (447707-B21) Blade Servers No RAM No HDD
$30.00
Dell PowerEdge M620 0F9HJC Blade Server 2*E5-2670 2.60GHz 192GB RAM 2*300GB SAS
$103.99
Dell PowerEdge M630 Blade Server 1x Xeon E5-2630 v4 CPU / Motherboard P/N 0R10KG
$69.99
Dell PowerEdge M640 Dual Bay 2.5" SFF Blade Server Barebone No Processors No RAM
$250.00
Dell PowerEdge M620 Blade Server
$39.99
|
||
No Discussions have been posted on this vulnerability. |