ID de Prueba:	1.3.6.1.4.1.25623.1.0.57637
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:204 (openssh)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssh announced via advisory MDKSA-2006:204. A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by an incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out sync. The OpenSSH team indicated that this bug is not known to be exploitable in the abence of additional vulnerabilities. Updated packages have been patched to correct this issue, and Mandriva Linux 2007 has received the latest version of OpenSSH. Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:204 http://www.openssh.com/txt/release-4.5 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5794 BugTraq ID: 20956 http://www.securityfocus.com/bid/20956 Bugtraq: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/451100/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 RedHat Security Advisories: RHSA-2006:0738 http://rhn.redhat.com/errata/RHSA-2006-0738.html http://securitytracker.com/id?1017183 http://secunia.com/advisories/22771 http://secunia.com/advisories/22772 http://secunia.com/advisories/22773 http://secunia.com/advisories/22778 http://secunia.com/advisories/22814 http://secunia.com/advisories/22872 http://secunia.com/advisories/22932 http://secunia.com/advisories/23513 http://secunia.com/advisories/23680 http://secunia.com/advisories/24055 SGI Security Advisory: 20061201-01-P ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc SuSE Security Announcement: SUSE-SR:2006:026 (Google Search) http://www.novell.com/linux/security/advisories/2006_26_sr.html http://www.vupen.com/english/advisories/2006/4399 http://www.vupen.com/english/advisories/2006/4400 XForce ISS Database: openssh-separation-verificaton-weakness(30120) https://exchange.xforce.ibmcloud.com/vulnerabilities/30120
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.