
Test ID: 1.3.6.1.4.1.25623.1.0.10883
Category: Gain a shell remotely
Title: OpenSSH Channel Code Off by 1
Summary: You are running a version of OpenSSH which is older than 3.1.
Description:
Summary:
You are running a version of OpenSSH which is older than 3.1.

Vulnerability Insight:
Versions prior to 3.1 are vulnerable to an off-by-one error
that allows local users to gain root access, and it may be possible for remote users to similarly
compromise the daemon for remote access.

In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that
exploits this vulnerability in the client code, thus compromising the client system.

Solution:
Upgrade to OpenSSH 3.1 or apply the patch for prior versions.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 4241
Common Vulnerability Exposure (CVE) ID: CVE-2002-0083
http://www.securityfocus.com/bid/4241
Bugtraq: 20020307 OpenSSH Security Advisory (adv.channelalloc)
http://marc.info/?l=bugtraq&m=101553908201861&w=2
Bugtraq: 20020307 [PINE-CERT-20020301] OpenSSH off-by-one
http://marc.info/?l=bugtraq&m=101552065005254&w=2
Bugtraq: 20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
http://marc.info/?l=bugtraq&m=101561384821761&w=2
Bugtraq: 20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
http://marc.info/?l=bugtraq&m=101586991827622&w=2
Bugtraq: 20020311 TSLSA-2002-0039 - openssh
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
Bugtraq: 20020328 OpenSSH channel_lookup() off by one exploit
http://online.securityfocus.com/archive/1/264657
Caldera Security Advisory: CSSA-2002-012.0
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
Caldera Security Advisory: CSSA-2002-SCO.10
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
Caldera Security Advisory: CSSA-2002-SCO.11
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
Conectiva Linux advisory: CLA-2002:467
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Debian Security Information: DSA-119
http://www.debian.org/security/2002/dsa-119
En Garde Linux Advisory: ESA-20020307-007
http://www.linuxsecurity.com/advisories/other_advisory-1937.html
FreeBSD Security Advisory: FreeBSD-SA-02:13
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
HPdes Security Advisory: HPSBTL0203-029
http://online.securityfocus.com/advisories/3960
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
NETBSD Security Advisory: NetBSD-SA2002-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
http://www.osvdb.org/730
http://www.redhat.com/support/errata/RHSA-2002-043.html
SuSE Security Announcement: SuSE-SA:2002:009
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
http://www.iss.net/security_center/static/8383.php
Copyright: This script is Copyright (c) 2002 Thomas Reinke
