Test ID:	1.3.6.1.4.1.25623.1.0.56336
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-255-1 (openssh)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openssh announced via advisory USN-255-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: openssh-client Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking an user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like '*'), an attacker could exploit this to execute arbitrary shell commands with the privilege of that user. Please be aware that scp is not designed to operate securely on untrusted file names, since it needs to stay compatible with rcp. Please use sftp for automated systems and potentially untrusted file names. Solution: The problem can be corrected by upgrading the affected package to version 1:3.8.1p1-11ubuntu3.3 (for Ubuntu 4.10), 1:3.9p1-1ubuntu2.2 (for Ubuntu 5.04), or 1:4.1p1-7ubuntu4.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-255-1 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 16369 Common Vulnerability Exposure (CVE) ID: CVE-2006-0225 1015540 http://securitytracker.com/id?1015540 102961 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1 16369 http://www.securityfocus.com/bid/16369 18579 http://secunia.com/advisories/18579 18595 http://secunia.com/advisories/18595 18650 http://secunia.com/advisories/18650 18736 http://secunia.com/advisories/18736 18798 http://secunia.com/advisories/18798 18850 http://secunia.com/advisories/18850 18910 http://secunia.com/advisories/18910 18964 http://secunia.com/advisories/18964 18969 http://secunia.com/advisories/18969 18970 http://secunia.com/advisories/18970 19159 http://secunia.com/advisories/19159 2006-0004 http://www.trustix.org/errata/2006/0004 20060212 [3.8] 005: SECURITY FIX: February 12, 2006 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch 20060703-01-P ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc 20723 http://secunia.com/advisories/20723 21129 http://secunia.com/advisories/21129 21262 http://secunia.com/advisories/21262 21492 http://secunia.com/advisories/21492 21724 http://secunia.com/advisories/21724 22196 http://secunia.com/advisories/22196 22692 http://www.osvdb.org/22692 23241 http://secunia.com/advisories/23241 23340 http://secunia.com/advisories/23340 23680 http://secunia.com/advisories/23680 24479 http://secunia.com/advisories/24479 25607 http://secunia.com/advisories/25607 25936 http://secunia.com/advisories/25936 462 http://securityreason.com/securityalert/462 ADV-2006-0306 http://www.vupen.com/english/advisories/2006/0306 ADV-2006-2490 http://www.vupen.com/english/advisories/2006/2490 ADV-2006-4869 http://www.vupen.com/english/advisories/2006/4869 ADV-2007-0930 http://www.vupen.com/english/advisories/2007/0930 ADV-2007-2120 http://www.vupen.com/english/advisories/2007/2120 APPLE-SA-2007-03-13 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html FEDORA-2006-056 http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00062.html FLSA-2006:168935 http://www.securityfocus.com/archive/1/425397/100/0/threaded GLSA-200602-11 http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml HPSBUX02178 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 MDKSA-2006:034 http://www.mandriva.com/security/advisories?name=MDKSA-2006:034 OpenPKG-SA-2006.003 http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html RHSA-2006:0044 http://www.redhat.com/support/errata/RHSA-2006-0044.html RHSA-2006:0298 http://www.redhat.com/support/errata/RHSA-2006-0298.html RHSA-2006:0698 http://www.redhat.com/support/errata/RHSA-2006-0698.html SSA:2006-045-06 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802 SSRT061267 SUSE-SA:2006:008 http://www.novell.com/linux/security/advisories/2006_08_openssh.html TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html USN-255-1 http://www.ubuntu.com/usn/usn-255-1 http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability http://docs.info.apple.com/article.html?artnum=305214 http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026 openssh-scp-command-execution(24305) https://exchange.xforce.ibmcloud.com/vulnerabilities/24305 oval:org.mitre.oval:def:1138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1138 oval:org.mitre.oval:def:9962 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9962
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.