ID de Prueba:	1.3.6.1.4.1.25623.1.0.52938
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2003-31 (openssh)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssh announced via advisory TLSA-2003-31. The opessh immediately returns an error message if the user does not exist on openssh server. As a result, it is possible to check user's validity by measuring response time. The remote attackers may be able to identify valid users on OpenSSH server. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-31 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 7482 BugTraq ID: 7342 Common Vulnerability Exposure (CVE) ID: CVE-2003-0190 BugTraq ID: 7467 http://www.securityfocus.com/bid/7467 Bugtraq: 20030430 OpenSSH/PAM timing attack allows remote users identification (Google Search) http://marc.info/?l=bugtraq&m=105172058404810&w=2 Bugtraq: 20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh) (Google Search) http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://lab.mediaservice.net/advisory/2003-01-openssh.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html TurboLinux Advisory: TLSA-2003-31 http://www.turbolinux.com/security/TLSA-2003-31.txt
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.