Test ID: 1.3.6.1.4.1.25623.1.0.51588
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2001:431
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2001:431.

OpenSSH is a tool to access remote machines via a cryptographic
connection.

Three vulnerabilities are being addressed by this advisory:

1) Markus Friedl reported [1] a vulnerability [2] in OpenSSH that
could allow users to circumvent system policy and log in from
disallowed source IP addresses.
This only affects sites using the from= key file option in
combination with both RSA and DSA keys in the
~/.ssh/authorized_keys2 file. If the key with the from= option is
immediately followed by a key of a different type, then the options
for this second key are applied to both keys. If this second key
doesn't have the from= option, for example, this would effectively
remove this option from the first key.

2) Peter W. reported [5] that the sftp subsystem in OpenSSH 2.5 and
2.9 is not subject to command= restrictions in the
~/.ssh/authorized_keys2 file. Users could bypass these restrictions
if they used sftp, which was enabled by default on our releases of
this package. New installs will have this subsystem disabled by
default (upgrades won't touch this setting).

3) For Conectiva Linux <= 6.0 this update also fixes the older cookie
removal [3] vulnerability, announced [4] by zen-parse, where a user
could trick ssh into removing any file called cookies. This only
affects systems with X11 forwarding enabled, which is not the default
in our packages.
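
A defensive audit for the pattern in item 1, as an added example that is not part of the advisory or of this test: it parses authorized_keys2-style text and reports each from=-restricted key whose next key entry has a different type and no from= option. The sample file and the function names are constructed, and counting two keys as adjacent even when comment or blank lines sit between them is a conservative assumption.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # protocol 2 RSA and DSA key types

def split_options(line):
    """Split an entry into (options, rest); quoted values may hold spaces."""
    if line.split(None, 1)[0] in KEY_TYPES:
        return "", line  # entry starts with the key type: no options
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""

def parse_entry(line):
    """Return (key_type, set of option names), or None for non-key lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, rest = split_options(line)
    fields = rest.split()
    if not fields or fields[0] not in KEY_TYPES:
        return None
    # Drop quoted values first so commas inside from="a,b" do not split.
    bare = re.sub(r'"(?:\\.|[^"\\])*"', "", opts)
    return fields[0], {o.split("=", 1)[0].lower() for o in bare.split(",") if o}

def find_overridden_from(text):
    """Return (from_line, next_line) pairs matching item 1 of the advisory."""
    parsed = ((n, parse_entry(l)) for n, l in enumerate(text.splitlines(), 1))
    entries = [(n, *e) for n, e in parsed if e]
    return [(n1, n2)
            for (n1, t1, o1), (n2, t2, o2) in zip(entries, entries[1:])
            if "from" in o1 and t1 != t2 and "from" not in o2]

# Constructed sample; key material is shortened and not real.
SAMPLE = """\
# office keys
from="10.0.0.*,192.168.1.5",no-pty ssh-dss AAAAB3NzaC1kc3M= alice@office
ssh-rsa AAAAB3NzaC1yc2E= alice@laptop
from="10.0.0.*" ssh-rsa AAAAB3NzaC1yc2E= bob@office
from="10.0.0.*" ssh-dss AAAAB3NzaC1kc3M= bob@vpn
command="/usr/bin/backup now" ssh-dss AAAAB3NzaC1kc3M= backup
"""

if __name__ == "__main__":
    for first, second in find_overridden_from(SAMPLE):
        print(f"line {first}: from= may be dropped by the key on line {second}")
```

On hosts that cannot be upgraded right away, a reported pair marks a key whose source-address restriction should not be relied on.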


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2001:431
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002001

Risk factor : High

Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
