drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unautorisierte Verwendung von X-Weiterleitungen in OpenSSH in openssh
Name: |
Unautorisierte Verwendung von X-Weiterleitungen in OpenSSH in openssh |
|
ID: |
TLSA-2008-21 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Appliance Server 3.0, Turbolinux Appliance Server 3.0 x64 Edition |
|
Datum: |
Di, 17. Juni 2008, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657 |
|
Applikationen: |
Portable OpenSSH |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-21 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 16 Jun 2008 Last revised: 16 Jun 2008
Package: openssh
Summary: Bypass ForceCommand
More information: Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH 4.4 and other versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. (CVE-2008-1657)
Affected Products: - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server
<Turbolinux Appliance Server 3.0 x64 Edition>
Source Packages Size: MD5
openssh-4.7p1-6.src.rpm 1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages Size: MD5
openssh-4.7p1-6.x86_64.rpm 281979 c8c717758c0f1bc807f9aea0382db0ad openssh-clients-4.7p1-6.x86_64.rpm 304782 b11edc758e96a903646ed0b9d56654af openssh-server-4.7p1-6.x86_64.rpm 310827 a185a21e40a5d7bc4bdba703af7c7bed
<Turbolinux Appliance Server 3.0>
Source Packages Size: MD5
openssh-4.7p1-6.src.rpm 1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages Size: MD5
openssh-4.7p1-6.i686.rpm 264173 fb65ba213ab1ee28f22f0ef759828252 openssh-clients-4.7p1-6.i686.rpm 277712 c1f5d743a779a21cfd963f2ffa7c508c openssh-server-4.7p1-6.i686.rpm 279880 6ce075e5886fc5860c5c75b543212819
<Turbolinux 11 Server x64 Edition>
Source Packages Size: MD5
openssh-4.7p1-6.src.rpm 1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages Size: MD5
openssh-4.7p1-6.x86_64.rpm 281979 c8c717758c0f1bc807f9aea0382db0ad openssh-askpass-4.7p1-6.x86_64.rpm 40038 07980a89f1871af0da980efe09b86477 openssh-clients-4.7p1-6.x86_64.rpm 304782 b11edc758e96a903646ed0b9d56654af openssh-server-4.7p1-6.x86_64.rpm 310827 a185a21e40a5d7bc4bdba703af7c7bed
<Turbolinux 11 Server>
Source Packages Size: MD5
openssh-4.7p1-6.src.rpm 1045452 a8f33fef3ac2ac6020e839419ee1c624
Binary Packages Size: MD5
openssh-4.7p1-6.i686.rpm 264173 fb65ba213ab1ee28f22f0ef759828252 openssh-askpass-4.7p1-6.i686.rpm 37735 ef292400c6aec3e43988fe516c730c22 openssh-clients-4.7p1-6.i686.rpm 277712 c1f5d743a779a21cfd963f2ffa7c508c openssh-server-4.7p1-6.i686.rpm 279880 6ce075e5886fc5860c5c75b543212819
References:
CVE [CVE-2008-1657] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
-------------------------------------------------------------------------- Revision History 16 Jun 2008 Initial release --------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkhV5p0ACgkQK0LzjOqIJMyiOgCdEBPPPi7NLO2ig6FAVh3lV2Au PjwAnjj83xK0/e0i5YgejMM+KdSLk7ot =/few -----END PGP SIGNATURE-----
|
|
|
|