Security: Multiple problems in openssh
Name: Multiple problems in openssh
ID: TLSA-2009-15
Distribution: TurboLinux
Platforms: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0
Date: Tue, 26 May 2009, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
Applications: Portable OpenSSH

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2009-15
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 25 May 2009
Last revised: 25 May 2009
Package: openssh
Summary: Multiple vulnerabilities have been discovered in openssh
More information:
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225)
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." (CVE-2006-5052)
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. (CVE-2007-4752)
Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
<Turbolinux Appliance Server 2.0>

Source Packages                      Size    MD5
openssh-3.9p1-13.src.rpm             934798  97758445506dd028202ab2b28e147c7d

Binary Packages                      Size    MD5
openssh-3.9p1-13.i586.rpm            194869  97da83d2a805248fd79328549c6b9c22
openssh-askpass-3.9p1-13.i586.rpm    37055   fedf5b51003dfe9442487675cccb1443
openssh-clients-3.9p1-13.i586.rpm    216728  bd2ddecdc3ed3bb99572b62b07a8c0c5
openssh-server-3.9p1-13.i586.rpm     218782  78511285ca3aec678fa0cd5fbb112b61
<Turbolinux FUJI>

Source Packages                      Size    MD5
openssh-4.1p1-9.src.rpm              958625  6851db14e3877fe77a83e7586ea905a0

Binary Packages                      Size    MD5
openssh-4.1p1-9.i686.rpm             234915  deb4f9651426c1d19e6f7591b6073e65
openssh-askpass-4.1p1-9.i686.rpm     37977   e550b9afa9775d327078c0b807610e57
openssh-clients-4.1p1-9.i686.rpm     254860  15e58c4585a7a661bb3f6f328103574b
openssh-server-4.1p1-9.i686.rpm      255925  40a32d81ab7841adaea80a006b07e547
<Turbolinux 10 Server x64 Edition>

Source Packages                      Size    MD5
openssh-3.9p1-13.src.rpm             923335  5648407859de12282ca808e8aced4aa6

Binary Packages                      Size    MD5
openssh-3.9p1-13.x86_64.rpm          208743  c41d069ba76e2650f1b0794cbcb8bfc8
openssh-askpass-3.9p1-13.x86_64.rpm  38927   1d524ff6a79d94398fca27cb3bfb736d
openssh-clients-3.9p1-13.x86_64.rpm  238682  d082944043fbe36ce727a60479677c22
openssh-server-3.9p1-13.x86_64.rpm   247467  ee314c37e64a5a8f30bcbd944f7f72f9
<Turbolinux 10 Server>

Source Packages                      Size    MD5
openssh-3.9p1-13.src.rpm             934798  97758445506dd028202ab2b28e147c7d

Binary Packages                      Size    MD5
openssh-3.9p1-13.i586.rpm            194869  97da83d2a805248fd79328549c6b9c22
openssh-askpass-3.9p1-13.i586.rpm    37055   fedf5b51003dfe9442487675cccb1443
openssh-clients-3.9p1-13.i586.rpm    216728  bd2ddecdc3ed3bb99572b62b07a8c0c5
openssh-server-3.9p1-13.i586.rpm     218782  78511285ca3aec678fa0cd5fbb112b61
References:

CVE
[CVE-2006-0225] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
[CVE-2006-5052] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
[CVE-2007-4752] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

--------------------------------------------------------------------------
Revision History
25 May 2009 Initial release
--------------------------------------------------------------------------
Copyright(C) 2009 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoacdcACgkQK0LzjOqIJMzpoACgsHqOQp8dZv7QWWBiXol8Rwez
WGEAn0d+ueULkpfQ4Scmswx9CNeqa8ZN
=pWr0
-----END PGP SIGNATURE-----