CVEs with nessus.description ==

Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)

An arbitrary command execution flaw was discovered in the way scp copies files locally. It is possible for a local attacker to create a file with a carefully crafted name that could execute arbitrary commands as the user running scp to copy files locally. (CVE-2006-0225)

The SSH daemon, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass 'from=' and 'user@host' address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2003-0386)

All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |