Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.851158
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for openssh (openSUSE-SU-2016:0145-1)
Zusammenfassung:The remote host is missing an update for the 'openssh'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'openssh'
package(s) announced via the referenced advisory.

Vulnerability Insight:
- CVE-2016-0777: A malicious or compromised server could cause the
OpenSSH client to expose part or all of the client's private key
through the roaming feature (bsc#961642)

- CVE-2016-0778: A malicious or compromised server could could trigger a
buffer overflow in the OpenSSH client through the roaming feature
(bsc#961645)

This update disables the undocumented feature supported by the OpenSSH
client and a commercial SSH server.

Affected Software/OS:
openssh on openSUSE 13.1

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:N/AC:H/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-0777
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 80695
http://www.securityfocus.com/bid/80695
Bugtraq: 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 (Google Search)
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Debian Security Information: DSA-3446 (Google Search)
http://www.debian.org/security/2016/dsa-3446
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
FreeBSD Security Advisory: FreeBSD-SA-16:07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
http://seclists.org/fulldisclosure/2016/Jan/44
https://security.gentoo.org/glsa/201601-01
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.securitytracker.com/id/1034671
SuSE Security Announcement: SUSE-SU-2016:0117 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:0118 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0119 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:0120 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:0127 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
SuSE Security Announcement: openSUSE-SU-2016:0128 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://www.ubuntu.com/usn/USN-2869-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0778
BugTraq ID: 80698
http://www.securityfocus.com/bid/80698
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.