Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.11343
Kategorie:Gain a shell remotely
Titel:OpenSSH Client Unauthorized Remote Forwarding
Zusammenfassung:The remote host is running OpenSSH SSH client before 2.3.0.
Beschreibung:Summary:
The remote host is running OpenSSH SSH client before 2.3.0.

Vulnerability Insight:
This version does not properly disable X11 or agent forwarding,
which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events,
or gain access to the ssh-agent.

Solution:
Patch and new version are available from OpenSSH.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 1949
Common Vulnerability Exposure (CVE) ID: CVE-2000-1169
http://www.securityfocus.com/bid/1949
Bugtraq: 20001115 Trustix Security Advisory - bind and openssh (and modutils) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Bugtraq: 20001123 OpenSSH Security Advisory (adv.fwd) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Conectiva Linux advisory: CLSA-2000:345
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Debian Security Information: 20001118 openssh: possible remote exploit (Google Search)
http://www.debian.org/security/2000/20001118
http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
http://www.osvdb.org/2114
http://www.osvdb.org/6248
http://www.redhat.com/support/errata/RHSA-2000-111.html
SuSE Security Announcement: SuSE-SA:2000:47 (Google Search)
http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
XForce ISS Database: openssh-unauthorized-access(5517)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5517
CopyrightThis script is Copyright (C) 2003 Xue Yong Zhi

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.