
Security: Multiple issues in openssh
Name: Multiple issues in openssh
ID: TLSA-2009-15
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0
Date: Tue, 26 May 2009, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
Applications: Portable OpenSSH

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-15
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 25 May 2009
Last revised: 25 May 2009

Package: openssh

Summary: Multiple vulnerabilities have been discovered in openssh

More information:
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via
filenames that contain shell metacharacters or spaces, which are expanded
twice. (CVE-2006-0225)

Unspecified vulnerability in portable OpenSSH before 4.4, when running on
some platforms, allows remote attackers to determine the validity of
usernames via unknown vectors involving a GSSAPI "authentication abort."
(CVE-2006-5052)

ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie
cannot be created and uses a trusted X11 cookie instead, which allows
attackers to violate intended policy and gain privileges by causing an X
client to be treated as trusted. (CVE-2007-4752)

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

openssh-3.9p1-13.src.rpm
934798 97758445506dd028202ab2b28e147c7d

Binary Packages
Size: MD5

openssh-3.9p1-13.i586.rpm
194869 97da83d2a805248fd79328549c6b9c22
openssh-askpass-3.9p1-13.i586.rpm
37055 fedf5b51003dfe9442487675cccb1443
openssh-clients-3.9p1-13.i586.rpm
216728 bd2ddecdc3ed3bb99572b62b07a8c0c5
openssh-server-3.9p1-13.i586.rpm
218782 78511285ca3aec678fa0cd5fbb112b61

<Turbolinux FUJI>

Source Packages
Size: MD5

openssh-4.1p1-9.src.rpm
958625 6851db14e3877fe77a83e7586ea905a0

Binary Packages
Size: MD5

openssh-4.1p1-9.i686.rpm
234915 deb4f9651426c1d19e6f7591b6073e65
openssh-askpass-4.1p1-9.i686.rpm
37977 e550b9afa9775d327078c0b807610e57
openssh-clients-4.1p1-9.i686.rpm
254860 15e58c4585a7a661bb3f6f328103574b
openssh-server-4.1p1-9.i686.rpm
255925 40a32d81ab7841adaea80a006b07e547

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

openssh-3.9p1-13.src.rpm
923335 5648407859de12282ca808e8aced4aa6

Binary Packages
Size: MD5

openssh-3.9p1-13.x86_64.rpm
208743 c41d069ba76e2650f1b0794cbcb8bfc8
openssh-askpass-3.9p1-13.x86_64.rpm
38927 1d524ff6a79d94398fca27cb3bfb736d
openssh-clients-3.9p1-13.x86_64.rpm
238682 d082944043fbe36ce727a60479677c22
openssh-server-3.9p1-13.x86_64.rpm
247467 ee314c37e64a5a8f30bcbd944f7f72f9

<Turbolinux 10 Server>

Source Packages
Size: MD5

openssh-3.9p1-13.src.rpm
934798 97758445506dd028202ab2b28e147c7d

Binary Packages
Size: MD5

openssh-3.9p1-13.i586.rpm
194869 97da83d2a805248fd79328549c6b9c22
openssh-askpass-3.9p1-13.i586.rpm
37055 fedf5b51003dfe9442487675cccb1443
openssh-clients-3.9p1-13.i586.rpm
216728 bd2ddecdc3ed3bb99572b62b07a8c0c5
openssh-server-3.9p1-13.i586.rpm
218782 78511285ca3aec678fa0cd5fbb112b61


References:

CVE
[CVE-2006-0225]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
[CVE-2006-5052]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
[CVE-2007-4752]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

--------------------------------------------------------------------------
Revision History
25 May 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoacdcACgkQK0LzjOqIJMzpoACgsHqOQp8dZv7QWWBiXol8Rwez
WGEAn0d+ueULkpfQ4Scmswx9CNeqa8ZN
=pWr0
-----END PGP SIGNATURE-----
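
The "expanded twice" behaviour described for CVE-2006-0225, shown as an added illustration that is not part of the advisory and is not OpenSSH's code: a filename pasted into a command string is parsed by a second shell, while the same filename passed as its own argument is not. The function names, the DEMO variable and the sample filenames are constructed for this example.

```shell
#!/bin/sh
# Added illustration; names, DEMO and the sample filenames are constructed.

# Unsafe: the filename is pasted into a command string. The caller expands
# "$1" once, then the second shell parses the result again.
seen_via_string() {
    DEMO=expanded sh -c "printf '[%s]' $1"
}

# Safe: the filename travels as its own argv element and is never re-parsed.
seen_via_argv() {
    DEMO=expanded sh -c 'printf "[%s]" "$@"' sh "$1"
}

# Single-quote a string for reuse in a command line: ' becomes '\''.
# (Command substitution drops trailing newlines in the name.)
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Fallback when a command string cannot be avoided: quote before pasting.
seen_via_quoted_string() {
    DEMO=expanded sh -c "printf '[%s]' $(shell_quote "$1")"
}

# Each [..] is one argument as the second shell received it.
for name in 'my file' 'a $DEMO'; do
    printf '%-8s string=%s argv=%s quoted=%s\n' "$name" \
        "$(seen_via_string "$name")" "$(seen_via_argv "$name")" \
        "$(seen_via_quoted_string "$name")"
done
```

A filename that arrives as more than one bracketed argument, or with `$DEMO` replaced, has been re-parsed by the second shell; the argv and quoted forms deliver it unchanged.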