ID CVE-2006-0225
Summary scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Vulnerable Configurations
  • OpenBSD OpenSSH 3.0
    cpe:2.3:a:openbsd:openssh:3.0
  • OpenBSD OpenSSH 3.0.1
    cpe:2.3:a:openbsd:openssh:3.0.1
  • OpenBSD OpenSSH 3.0.1 p1
    cpe:2.3:a:openbsd:openssh:3.0.1p1
  • OpenBSD OpenSSH 3.0.2
    cpe:2.3:a:openbsd:openssh:3.0.2
  • OpenBSD OpenSSH 3.0.2p1
    cpe:2.3:a:openbsd:openssh:3.0.2p1
  • OpenBSD OpenSSH 3.0 p1
    cpe:2.3:a:openbsd:openssh:3.0p1
  • OpenBSD OpenSSH 3.1
    cpe:2.3:a:openbsd:openssh:3.1
  • OpenBSD OpenSSH 3.1 p1
    cpe:2.3:a:openbsd:openssh:3.1p1
  • OpenBSD OpenSSH 3.2
    cpe:2.3:a:openbsd:openssh:3.2
  • OpenBSD OpenSSH 3.2.2 p1
    cpe:2.3:a:openbsd:openssh:3.2.2p1
  • OpenBSD OpenSSH 3.2.3 p1
    cpe:2.3:a:openbsd:openssh:3.2.3p1
  • OpenBSD OpenSSH 3.3
    cpe:2.3:a:openbsd:openssh:3.3
  • OpenBSD OpenSSH 3.3 p1
    cpe:2.3:a:openbsd:openssh:3.3p1
  • OpenBSD OpenSSH 3.4
    cpe:2.3:a:openbsd:openssh:3.4
  • OpenBSD OpenSSH 3.4 p1
    cpe:2.3:a:openbsd:openssh:3.4p1
  • OpenBSD OpenSSH 3.5
    cpe:2.3:a:openbsd:openssh:3.5
  • OpenBSD OpenSSH 3.5 p1
    cpe:2.3:a:openbsd:openssh:3.5p1
  • OpenBSD OpenSSH 3.6
    cpe:2.3:a:openbsd:openssh:3.6
  • OpenBSD OpenSSH 3.6.1
    cpe:2.3:a:openbsd:openssh:3.6.1
  • OpenBSD OpenSSH 3.6.1 p1
    cpe:2.3:a:openbsd:openssh:3.6.1p1
  • OpenBSD OpenSSH 3.6.1 p2
    cpe:2.3:a:openbsd:openssh:3.6.1p2
  • OpenBSD OpenSSH 3.7
    cpe:2.3:a:openbsd:openssh:3.7
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
  • OpenBSD OpenSSH 3.7.1 p2
    cpe:2.3:a:openbsd:openssh:3.7.1p2
  • OpenBSD OpenSSH 3.8
    cpe:2.3:a:openbsd:openssh:3.8
  • OpenBSD OpenSSH 3.8.1
    cpe:2.3:a:openbsd:openssh:3.8.1
  • OpenBSD OpenSSH 3.8.1 p1
    cpe:2.3:a:openbsd:openssh:3.8.1p1
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
  • OpenBSD OpenSSH 3.9.1
    cpe:2.3:a:openbsd:openssh:3.9.1
  • OpenBSD OpenSSH 3.9.1 p1
    cpe:2.3:a:openbsd:openssh:3.9.1p1
  • OpenBSD OpenSSH Portable 4.0.p1
    cpe:2.3:a:openbsd:openssh:4.0p1
  • OpenBSD OpenSSH Portable 4.1.p1
    cpe:2.3:a:openbsd:openssh:4.1p1
  • OpenBSD OpenSSH Portable 4.2.p1
    cpe:2.3:a:openbsd:openssh:4.2p1
CVSS
Base: 4.6 (as of 25-01-2006 - 07:57)
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0298.NASL
    description Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. (CVE-2006-0225) The SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass 'from=' and 'user@host' address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386) The following issues have also been fixed in this update : * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. * When privilege separation was enabled, the last login message was printed only for the root user. * The sshd daemon was sending messages to the system log from a signal handler when debug logging was enabled. This could cause a deadlock of the user's connection. All users of openssh should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22084
    published 2006-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22084
    title RHEL 3 : openssh (RHSA-2006:0298)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114357.NASL
    description SunOS 5.9_x86: /usr/bin/ssh patch. Date this patch was last updated by Sun : Sep/16/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 25654
    published 2007-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25654
    title Solaris 9 (x86) : 114357-18
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123324.NASL
    description SunOS 5.10: sshd patch. Date this patch was last updated by Sun : Jun/20/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 25642
    published 2007-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25642
    title Solaris 10 (sparc) : 123324-03
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-045-06.NASL
    description New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 20917
    published 2006-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20917
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-045-06)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0044.NASL
    description Updated openssh packages that fix bugs in sshd and add auditing of user logins are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0225 to this issue. The following issue has also been fixed in this update : * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. Additionally, this update implements auditing of user logins through the system audit service. All users of openssh should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21030
    published 2006-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21030
    title RHEL 4 : openssh (RHSA-2006:0044)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-255-1.NASL
    description Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking a user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like '*'), an attacker could exploit this to execute arbitrary shell commands with the privilege of that user. Please be aware that scp is not designed to operate securely on untrusted file names, since it needs to stay compatible with rcp. Please use sftp for automated systems and potentially untrusted file names. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 21063
    published 2006-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21063
    title Ubuntu 4.10 / 5.04 / 5.10 : openssh vulnerability (USN-255-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_114356.NASL
    description SunOS 5.9: /usr/bin/ssh patch. Date this patch was last updated by Sun : Sep/16/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 25653
    published 2007-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25653
    title Solaris 9 (sparc) : 114356-19
  • NASL family Misc.
    NASL id JUNIPER_NSM_2012_1.NASL
    description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to multiple vulnerabilities, the worst of which may allow an authenticated user to trigger a denial of service condition or execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69872
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69872
    title Juniper NSM Servers < 2012.1 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200602-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200602-11 (OpenSSH, Dropbear: Insecure use of system() call) To copy from a local filesystem to another local filesystem, scp constructs a command line using 'cp' which is then executed via system(). Josh Bressers discovered that special characters are not escaped by scp, but are simply passed to the shell. Impact : By tricking other users or applications to use scp on maliciously crafted filenames, a local attacker user can execute arbitrary commands with the rights of the user running scp. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 20953
    published 2006-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20953
    title GLSA-200602-11 : OpenSSH, Dropbear: Insecure use of system() call
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123325-03.NASL
    description SunOS 5.10_x86: sshd patch. Date this patch was last updated by Sun : Jun/21/07
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107891
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107891
    title Solaris 10 (x86) : 123325-03
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_123324-03.NASL
    description SunOS 5.10: sshd patch. Date this patch was last updated by Sun : Jun/20/07
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107389
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107389
    title Solaris 10 (sparc) : 123324-03
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0298.NASL
    description Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. (CVE-2006-0225) The SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass 'from=' and 'user@host' address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386) The following issues have also been fixed in this update : * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. * When privilege separation was enabled, the last login message was printed only for the root user. * The sshd daemon was sending messages to the system log from a signal handler when debug logging was enabled. This could cause a deadlock of the user's connection. All users of openssh should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22134
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22134
    title CentOS 3 : openssh (CESA-2006:0298)
  • NASL family Misc.
    NASL id OPENSSH_43.NASL
    description According to its banner, the version of OpenSSH running on the remote host is potentially affected by an arbitrary command execution vulnerability. The scp utility does not properly sanitize user-supplied input prior to using a system() function call. A local attacker could exploit this by creating filenames with shell metacharacters, which could cause arbitrary code to be executed if copied by a user running scp.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44076
    published 2011-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44076
    title OpenSSH < 4.3 scp Command Line Filename Processing Command Injection
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_123325.NASL
    description SunOS 5.10_x86: sshd patch. Date this patch was last updated by Sun : Jun/21/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 25645
    published 2007-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25645
    title Solaris 10 (x86) : 123325-03
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2006-056.NASL
    description This is a minor security update which fixes double shell expansion in local to local and remote to remote copy with scp. It also fixes a few other minor non-security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20802
    published 2006-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20802
    title Fedora Core 4 : openssh-4.2p1-fc4.10 (2006-056)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0044.NASL
    description Updated openssh packages that fix bugs in sshd and add auditing of user logins are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-0225 to this issue. The following issue has also been fixed in this update : * If the sshd service was stopped using the sshd init script while the main sshd daemon was not running, the init script would kill other sshd processes, such as the running sessions. For example, this could happen when the 'service sshd stop' command was issued twice. Additionally, this update implements auditing of user logins through the system audit service. All users of openssh should upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21975
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21975
    title CentOS 4 : openssh (CESA-2006:0044)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-034.NASL
    description A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into scp'ing a specially crafted filename. The provided updates bump the OpenSSH version to the latest release version of 4.3p1. A number of differences exist, primarily dealing with PAM authentication over the version included in Corporate 3.0 and MNF2. In particular, the default sshd_config now only accepts protocol 2 connections and UsePAM is now disabled by default. On systems using alternate authentication methods (i.e. LDAP) that use the PAM stack for authentication, you will need to enable UsePAM. Note that the default /etc/pam.d/sshd file has also been modified to use the pam_listfile.so module which will deny access to any users listed in /etc/ssh/denyusers (by default, this is only the root user). This is required to preserve the expected behaviour when using 'PermitRootLogin without-password'; otherwise it would still be possible to obtain a login prompt and login without using keys. Mandriva Linux 10.1 and newer already have these changes in their shipped versions. There are new features in OpenSSH and users are encouraged to review the new sshd_config and ssh_config files when upgrading.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20875
    published 2006-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20875
    title Mandrake Linux Security Advisory : openssh (MDKSA-2006:034)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0698.NASL
    description Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable. Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924) An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. (CVE-2006-0225) The SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass 'from=' and 'user@host' address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386) All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22474
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22474
    title RHEL 2.1 : openssh (RHSA-2006:0698)
  • NASL family Misc.
    NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL
    description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 55992
    published 2011-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55992
    title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
oval via4
  • accepted 2014-06-09T04:00:06.911-04:00
    class vulnerability
    contributors
    • name Yuzheng Zhou
      organization Opsware, Inc.
    • name Jerome Athias
      organization McAfee, Inc.
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
    family unix
    id oval:org.mitre.oval:def:1138
    status accepted
    submitted 2007-06-28T09:00:00.000-04:00
    title Security Vulnerability Relating to scp(1) Command May Allow Attackers to Execute Arbitrary Commands
    version 34
  • accepted 2013-04-29T04:23:40.838-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
    family unix
    id oval:org.mitre.oval:def:9962
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
    version 23
redhat via4
advisories
  • bugzilla
    id 170568
    title add audit message to sshd
    oval
    AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
    rhsa
    id RHSA-2006:0044
    released 2006-03-07
    severity Low
    title RHSA-2006:0044: openssh security update (Low)
  • bugzilla
    id 172564
    title message after logged via ssh
    oval
    AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
    rhsa
    id RHSA-2006:0298
    released 2006-07-20
    severity Low
    title RHSA-2006:0298: openssh security update (Low)
  • rhsa
    id RHSA-2006:0698
refmap via4
apple APPLE-SA-2007-03-13
bid 16369
cert TA07-072A
fedora
  • FEDORA-2006-056
  • FLSA-2006:168935
gentoo GLSA-200602-11
hp
  • HPSBUX02178
  • SSRT061267
mandriva MDKSA-2006:034
openbsd 20060212 [3.8] 005: SECURITY FIX: February 12, 2006
openpkg OpenPKG-SA-2006.003
osvdb 22692
sectrack 1015540
secunia
  • 18579
  • 18595
  • 18650
  • 18736
  • 18798
  • 18850
  • 18910
  • 18964
  • 18969
  • 18970
  • 19159
  • 20723
  • 21129
  • 21262
  • 21492
  • 21724
  • 22196
  • 23241
  • 23340
  • 23680
  • 24479
  • 25607
  • 25936
sgi 20060703-01-P
slackware SSA:2006-045-06
sreason 462
sunalert 102961
suse SUSE-SA:2006:008
trustix 2006-0004
ubuntu USN-255-1
vupen
  • ADV-2006-0306
  • ADV-2006-2490
  • ADV-2006-4869
  • ADV-2007-0930
  • ADV-2007-2120
xf openssh-scp-command-execution(24305)
statements via4
contributor Joshua Bressers
lastmodified 2009-09-09
organization Red Hat
statement This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4: https://rhn.redhat.com/errata/CVE-2006-0225.html https://www.redhat.com/security/data/cve/CVE-2006-0225.html Issue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.
Last major update 18-11-2016 - 21:59
Published 25-01-2006 - 06:03
Last modified 19-10-2018 - 11:43