Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1470

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64992

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:1470

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2009:1470.

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1470.html
http://www.redhat.com/security/updates/classification/#moderate

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2904
BugTraq ID: 36552
http://www.securityfocus.com/bid/36552
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://osvdb.org/58495
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862
RedHat Security Advisories: RHSA-2009:1470
https://rhn.redhat.com/errata/RHSA-2009-1470.html
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/39182
http://www.vupen.com/english/advisories/2010/0528

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64992
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1470
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2009:1470. OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904) All OpenSSH users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-1470.html http://www.redhat.com/security/updates/classification/#moderate CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2904 BugTraq ID: 36552 http://www.securityfocus.com/bid/36552 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038214.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://osvdb.org/58495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9862 RedHat Security Advisories: RHSA-2009:1470 https://rhn.redhat.com/errata/RHSA-2009-1470.html http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://secunia.com/advisories/39182 http://www.vupen.com/english/advisories/2010/0528
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com