ID de Prueba:	1.3.6.1.4.1.25623.1.0.122441
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2009-1287)
Resumen:	The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2009-1287 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2009-1287 advisory. Vulnerability Insight: [4.3p2-36] - tiny change in chroot sftp capability into openssh-server solve ls speed problem (#440240) [4.3p2-35] - workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 (#502230) [4.3p2-34] - disable protocol 1 in the FIPS mode [4.3p2-33] - fix scp hangup on exit (#454812) - call integrity checks only on binaries which are part of the OpenSSH FIPS modules [4.3p2-32] - log if FIPS mode is initialized (#492363) - check the integrity of the binaries in the FIPS mode (#467268) [4.3p2-31] - fix ssh hangup on exit (#454812) [4.3p2-30] - add chroot sftp capability into openssh-server (#440240) Affected Software/OS: 'openssh' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5161 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 32319 http://www.securityfocus.com/bid/32319 Bugtraq: 20081121 OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498558/100/0/threaded Bugtraq: 20081123 Revised: OpenSSH security advisory: cbc.adv (Google Search) http://www.securityfocus.com/archive/1/498579/100/0/threaded CERT/CC vulnerability note: VU#958563 http://www.kb.cert.org/vuls/id/958563 HPdes Security Advisory: HPSBMA02447 http://marc.info/?l=bugtraq&m=125017764422557&w=2 HPdes Security Advisory: SSRT090062 http://isc.sans.org/diary.html?storyid=5366 http://support.avaya.com/elmodocs2/security/ASA-2008-503.htm http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt http://osvdb.org/49872 http://osvdb.org/50035 http://osvdb.org/50036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11279 RedHat Security Advisories: RHSA-2009:1287 http://rhn.redhat.com/errata/RHSA-2009-1287.html http://www.securitytracker.com/id?1021235 http://www.securitytracker.com/id?1021236 http://www.securitytracker.com/id?1021382 http://secunia.com/advisories/32740 http://secunia.com/advisories/32760 http://secunia.com/advisories/32833 http://secunia.com/advisories/33121 http://secunia.com/advisories/33308 http://secunia.com/advisories/34857 http://secunia.com/advisories/36558 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1 http://www.vupen.com/english/advisories/2008/3172 http://www.vupen.com/english/advisories/2008/3173 http://www.vupen.com/english/advisories/2008/3409 http://www.vupen.com/english/advisories/2009/1135 http://www.vupen.com/english/advisories/2009/3184 XForce ISS Database: openssh-sshtectia-cbc-info-disclosure(46620) https://exchange.xforce.ibmcloud.com/vulnerabilities/46620
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.