Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-21
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 16 Jun 2008
Last revised: 16 Jun 2008

Package: openssh

Summary: Bypass ForceCommand

More information:
    Ssh (Secure Shell) a program for logging into a remote machine and for
    executing commands in a remote machine.  It is intended to replace
    rlogin and rsh, and provide secure encrypted communications between
    two untrusted hosts over an insecure network.  X11 connections and
    arbitrary TCP/IP ports can also be forwarded over the secure channel.

    OpenSSH 4.4 and other versions before 4.9 allows remote authenticated
    users to bypass the sshd_config ForceCommand directive by modifying
    the .ssh/rc session file. (CVE-2008-1657)

Affected Products:
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server

<Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   openssh-4.7p1-6.src.rpm
      1045452 a8f33fef3ac2ac6020e839419ee1c624

   Binary Packages
   Size: MD5

   openssh-4.7p1-6.x86_64.rpm
       281979 c8c717758c0f1bc807f9aea0382db0ad
   openssh-clients-4.7p1-6.x86_64.rpm
       304782 b11edc758e96a903646ed0b9d56654af
   openssh-server-4.7p1-6.x86_64.rpm
       310827 a185a21e40a5d7bc4bdba703af7c7bed

<Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   openssh-4.7p1-6.src.rpm
      1045452 a8f33fef3ac2ac6020e839419ee1c624

   Binary Packages
   Size: MD5

   openssh-4.7p1-6.i686.rpm
       264173 fb65ba213ab1ee28f22f0ef759828252
   openssh-clients-4.7p1-6.i686.rpm
       277712 c1f5d743a779a21cfd963f2ffa7c508c
   openssh-server-4.7p1-6.i686.rpm
       279880 6ce075e5886fc5860c5c75b543212819

<Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/openssh-4.7p1-6.src.rpm
      1045452 a8f33fef3ac2ac6020e839419ee1c624

   Binary Packages
   Size: MD5

   openssh-4.7p1-6.x86_64.rpm
       281979 c8c717758c0f1bc807f9aea0382db0ad
   openssh-askpass-4.7p1-6.x86_64.rpm
        40038 07980a89f1871af0da980efe09b86477
   openssh-clients-4.7p1-6.x86_64.rpm
       304782 b11edc758e96a903646ed0b9d56654af
   openssh-server-4.7p1-6.x86_64.rpm
       310827 a185a21e40a5d7bc4bdba703af7c7bed

<Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/openssh-4.7p1-6.src.rpm
      1045452 a8f33fef3ac2ac6020e839419ee1c624

   Binary Packages
   Size: MD5

   openssh-4.7p1-6.i686.rpm
       264173 fb65ba213ab1ee28f22f0ef759828252
   openssh-askpass-4.7p1-6.i686.rpm
        37735 ef292400c6aec3e43988fe516c730c22
   openssh-clients-4.7p1-6.i686.rpm
       277712 c1f5d743a779a21cfd963f2ffa7c508c
   openssh-server-4.7p1-6.i686.rpm
       279880 6ce075e5886fc5860c5c75b543212819

References:

CVE
   [CVE-2008-1657]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657

--------------------------------------------------------------------------
Revision History
    16 Jun 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhV5p0ACgkQK0LzjOqIJMyiOgCdEBPPPi7NLO2ig6FAVh3lV2Au
PjwAnjj83xK0/e0i5YgejMM+KdSLk7ot
=/few
-----END PGP SIGNATURE-----