ID de Prueba:	1.3.6.1.4.1.25623.1.0.60905
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:098 (openssh)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to openssh announced via advisory MDVSA-2008:098. A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~ /.ssh/rc (CVE-2008-1657). The updated packages have been patched to correct this issue. Affected: 2007.1, 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:098 Risk factor : High CVSS Score: 6.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1657 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html BugTraq ID: 28531 http://www.securityfocus.com/bid/28531 Bugtraq: 20080404 rPSA-2008-0139-1 gnome-ssh-askpass openssh openssh-client openssh-server (Google Search) http://www.securityfocus.com/archive/1/490488/100/0/threaded Cert/CC Advisory: TA08-260A http://www.us-cert.gov/cas/techalerts/TA08-260A.html http://www.gentoo.org/security/en/glsa/glsa-200804-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:098 NETBSD Security Advisory: NetBSD-SA2008-005 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-005.txt.asc OpenBSD Security Advisory: [4.3] 001: SECURITY FIX: March 30, 2008 http://www.openbsd.org/errata43.html#001_openssh http://www.securitytracker.com/id?1019733 http://secunia.com/advisories/29602 http://secunia.com/advisories/29609 http://secunia.com/advisories/29683 http://secunia.com/advisories/29693 http://secunia.com/advisories/29735 http://secunia.com/advisories/29939 http://secunia.com/advisories/30361 http://secunia.com/advisories/31531 http://secunia.com/advisories/31882 http://secunia.com/advisories/32080 http://secunia.com/advisories/32110 SuSE Security Announcement: SUSE-SR:2008:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html http://www.ubuntu.com/usn/usn-649-1 http://www.vupen.com/english/advisories/2008/1035/references http://www.vupen.com/english/advisories/2008/1624/references http://www.vupen.com/english/advisories/2008/2396 http://www.vupen.com/english/advisories/2008/2584 XForce ISS Database: openssh-forcecommand-command-execution(41549) https://exchange.xforce.ibmcloud.com/vulnerabilities/41549
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.