Auditorías de Seguridad de Red / Evaluación de vulnerabilidades de SecuritySpace

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2009-15
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 25 May 2009
Last revised: 25 May 2009

Package: openssh

Summary: Multiple vulnerabilities have been discovered in openssh

More information:
    Ssh (Secure Shell) a program for logging into a remote machine and for
    executing commands in a remote machine.  It is intended to replace
    rlogin and rsh, and provide secure encrypted communications between
    two untrusted hosts over an insecure network.  X11 connections and
    arbitrary TCP/IP ports can also be forwarded over the secure channel.

    scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames
    that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225)

    Unspecified vulnerability in portable OpenSSH before 4.4, when running on
    some platforms, allows remote attackers to determine the validity of usernames via
    unknown vectors involving a GSSAPI "authentication abort." (CVE-2006-5052)

    ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie
    cannot be created and uses a trusted X11 cookie instead, which allows attackers
    to violate intended policy and gain privileges by causing an X client to be
    treated as trusted. (CVE-2007-4752)

Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server

<Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   openssh-3.9p1-13.src.rpm
       934798 97758445506dd028202ab2b28e147c7d

   Binary Packages
   Size: MD5

   openssh-3.9p1-13.i586.rpm
       194869 97da83d2a805248fd79328549c6b9c22
   openssh-askpass-3.9p1-13.i586.rpm
        37055 fedf5b51003dfe9442487675cccb1443
   openssh-clients-3.9p1-13.i586.rpm
       216728 bd2ddecdc3ed3bb99572b62b07a8c0c5
   openssh-server-3.9p1-13.i586.rpm
       218782 78511285ca3aec678fa0cd5fbb112b61

<Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/openssh-4.1p1-9.src.rpm
       958625 6851db14e3877fe77a83e7586ea905a0

   Binary Packages
   Size: MD5

   openssh-4.1p1-9.i686.rpm
       234915 deb4f9651426c1d19e6f7591b6073e65
   openssh-askpass-4.1p1-9.i686.rpm
        37977 e550b9afa9775d327078c0b807610e57
   openssh-clients-4.1p1-9.i686.rpm
       254860 15e58c4585a7a661bb3f6f328103574b
   openssh-server-4.1p1-9.i686.rpm
       255925 40a32d81ab7841adaea80a006b07e547

<Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/openssh-3.9p1-13.src.rpm
       923335 5648407859de12282ca808e8aced4aa6

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-3.9p1-13.x86_64.rpm
       208743 c41d069ba76e2650f1b0794cbcb8bfc8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-askpass-3.9p1-13.x86_64.rpm
        38927 1d524ff6a79d94398fca27cb3bfb736d
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-clients-3.9p1-13.x86_64.rpm
       238682 d082944043fbe36ce727a60479677c22
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/openssh-server-3.9p1-13.x86_64.rpm
       247467 ee314c37e64a5a8f30bcbd944f7f72f9

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/openssh-3.9p1-13.src.rpm
       934798 97758445506dd028202ab2b28e147c7d

   Binary Packages
   Size: MD5

   openssh-3.9p1-13.i586.rpm
       194869 97da83d2a805248fd79328549c6b9c22
   openssh-askpass-3.9p1-13.i586.rpm
        37055 fedf5b51003dfe9442487675cccb1443
   openssh-clients-3.9p1-13.i586.rpm
       216728 bd2ddecdc3ed3bb99572b62b07a8c0c5
   openssh-server-3.9p1-13.i586.rpm
       218782 78511285ca3aec678fa0cd5fbb112b61

References:

CVE
   [CVE-2006-0225]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
   [CVE-2006-5052]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
   [CVE-2007-4752]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

--------------------------------------------------------------------------
Revision History
    25 May 2009 Initial release
--------------------------------------------------------------------------

Copyright(C) 2009 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAkoacdcACgkQK0LzjOqIJMzpoACgsHqOQp8dZv7QWWBiXol8Rwez
WGEAn0d+ueULkpfQ4Scmswx9CNeqa8ZN
=pWr0
-----END PGP SIGNATURE-----