Login
Newsletter
Werbung

Sicherheit: Unautorisierte Verwendung von X-Weiterleitungen in OpenSSH in openssh
Aktuelle Meldungen Distributionen
Name: Unautorisierte Verwendung von X-Weiterleitungen in OpenSSH in openssh
ID: TLSA-2008-21
Distribution: TurboLinux
Plattformen: Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition
Datum: Di, 17. Juni 2008, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Applikationen: Portable OpenSSH

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-21
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 16 Jun 2008
Last revised: 16 Jun 2008

Package: openssh

Summary: Bypass ForceCommand

More information:
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH 4.4 and other versions before 4.9 allows remote authenticated
users to bypass the sshd_config ForceCommand directive by modifying
the .ssh/rc session file. (CVE-2008-1657)

Affected Products:
- Turbolinux Appliance Server 3.0 x64 Edition
- Turbolinux Appliance Server 3.0
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server


<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624

Binary Packages
Size: MD5

openssh-4.7p1-6.x86_64.rpm
281979 c8c717758c0f1bc807f9aea0382db0ad
openssh-clients-4.7p1-6.x86_64.rpm
304782 b11edc758e96a903646ed0b9d56654af
openssh-server-4.7p1-6.x86_64.rpm
310827 a185a21e40a5d7bc4bdba703af7c7bed

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624

Binary Packages
Size: MD5

openssh-4.7p1-6.i686.rpm
264173 fb65ba213ab1ee28f22f0ef759828252
openssh-clients-4.7p1-6.i686.rpm
277712 c1f5d743a779a21cfd963f2ffa7c508c
openssh-server-4.7p1-6.i686.rpm
279880 6ce075e5886fc5860c5c75b543212819

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624

Binary Packages
Size: MD5

openssh-4.7p1-6.x86_64.rpm
281979 c8c717758c0f1bc807f9aea0382db0ad
openssh-askpass-4.7p1-6.x86_64.rpm
40038 07980a89f1871af0da980efe09b86477
openssh-clients-4.7p1-6.x86_64.rpm
304782 b11edc758e96a903646ed0b9d56654af
openssh-server-4.7p1-6.x86_64.rpm
310827 a185a21e40a5d7bc4bdba703af7c7bed

<Turbolinux 11 Server>

Source Packages
Size: MD5

openssh-4.7p1-6.src.rpm
1045452 a8f33fef3ac2ac6020e839419ee1c624

Binary Packages
Size: MD5

openssh-4.7p1-6.i686.rpm
264173 fb65ba213ab1ee28f22f0ef759828252
openssh-askpass-4.7p1-6.i686.rpm
37735 ef292400c6aec3e43988fe516c730c22
openssh-clients-4.7p1-6.i686.rpm
277712 c1f5d743a779a21cfd963f2ffa7c508c
openssh-server-4.7p1-6.i686.rpm
279880 6ce075e5886fc5860c5c75b543212819


References:

CVE
[CVE-2008-1657]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657

--------------------------------------------------------------------------
Revision History
16 Jun 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhV5p0ACgkQK0LzjOqIJMyiOgCdEBPPPi7NLO2ig6FAVh3lV2Au
PjwAnjj83xK0/e0i5YgejMM+KdSLk7ot
=/few
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung