Executive Summary

Summary
Title : New openssh packages fix predictable randomness
Information
Name : DSA-1576 - First vendor Publication : 2008-05-14
Vendor : Debian - Last vendor Modification : 2008-05-16
Severity (Vendor) : N/A - Revision : 2

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score : 7.8 - Attack Range : Network
Cvss Impact Score : 6.9 - Attack Complexity : Low
Cvss Exploit Score : 10 - Authentication : None Required

Detail

Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA 1576-1). This could cause some compromised keys not to be listed in ssh-vulnkey's output.

This update also adds more information to ssh-vulnkey's manual page.

For the stable distribution (etch), this problem has been fixed in version 1:4.3p2-9etch2.

We recommend that you upgrade your openssh (1:4.3p2-9etch2) package.

Original Source

Url : http://www.debian.org/security/2008/dsa-1576

CAPEC : Common Attack Pattern Enumeration & Classification

id - Name
CAPEC-59 - Session Credential Falsification through Prediction
CAPEC-112 - Brute Force
CAPEC-281 - Analytic Attacks

CWE : Common Weakness Enumeration

id - Name
CWE-330 - Use of Insufficiently Random Values
CWE-310 - Cryptographic Issues
CWE-264 - Permissions, Privileges, and Access Controls
CWE-20 - Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5599
 
Oval ID: oval:org.mitre.oval:def:5599
Title: HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges
Description: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4752
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:10809
 
Oval ID: oval:org.mitre.oval:def:10809
Title: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Description: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4752
Version: 5
Platform(s): Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:6085
 
Oval ID: oval:org.mitre.oval:def:6085
Title: Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions
Description: OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1483
Version: 1
Platform(s): Sun Solaris 9, Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type : Application - Count : 2
Type : Application - Count : 45

OpenVAS Exploits

Date - Description
2010-05-12 - Name : Mac OS X 10.5.5 Update / Security Update 2008-006
File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl
2010-04-19 - Name : OpenSSH X Connections Session Hijacking Vulnerability
File : nvt/gb_openssh_28444.nasl
2010-02-03 - Name : Solaris Update for Kernel 122300-48
File : nvt/gb_solaris_122300_48.nasl
2010-02-03 - Name : Solaris Update for Kernel 122301-48
File : nvt/gb_solaris_122301_48.nasl
2009-11-17 - Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 - Name : Solaris Update for /usr/bin/ssh 114356-19
File : nvt/gb_solaris_114356_19.nasl
2009-10-13 - Name : Solaris Update for /usr/bin/ssh 114357-18
File : nvt/gb_solaris_114357_18.nasl
2009-10-13 - Name : SLES10: Security update for OpenSSH
File : nvt/sles10_openssh0.nasl
2009-10-13 - Name : Solaris Update for Kernel 122300-44
File : nvt/gb_solaris_122300_44.nasl
2009-10-13 - Name : Solaris Update for Kernel 122301-44
File : nvt/gb_solaris_122301_44.nasl
2009-10-10 - Name : SLES9: Security update for OpenSSH
File : nvt/sles9p5023096.nasl
2009-10-10 - Name : SLES9: Security update for OpenSSH
File : nvt/sles9p5016761.nasl
2009-09-23 - Name : Solaris Update for Kernel 122301-42
File : nvt/gb_solaris_122301_42.nasl
2009-06-03 - Name : Solaris Update for kernel 137137-09
File : nvt/gb_solaris_137137_09.nasl
2009-06-03 - Name : Solaris Update for kernel 137138-09
File : nvt/gb_solaris_137138_09.nasl
2009-06-03 - Name : Solaris Update for /usr/bin/ssh 114356-18
File : nvt/gb_solaris_114356_18.nasl
2009-06-03 - Name : Solaris Update for /usr/bin/ssh 114357-17
File : nvt/gb_solaris_114357_17.nasl
2009-06-03 - Name : Solaris Update for Kernel 122300-40
File : nvt/gb_solaris_122300_40.nasl
2009-06-03 - Name : Solaris Update for Kernel 122301-40
File : nvt/gb_solaris_122301_40.nasl
2009-05-05 - Name : HP-UX Update for HP Secure Shell HPSBUX02287
File : nvt/gb_hp_ux_HPSBUX02287.nasl
2009-05-05 - Name : HP-UX Update for HP-UX Secure Shell HPSBUX02337
File : nvt/gb_hp_ux_HPSBUX02337.nasl
2009-04-09 - Name : Mandriva Update for openssh MDKSA-2007:236 (openssh)
File : nvt/gb_mandriva_MDKSA_2007_236.nasl
2009-04-09 - Name : Mandriva Update for openssh MDVSA-2008:078 (openssh)
File : nvt/gb_mandriva_MDVSA_2008_078.nasl
2009-03-23 - Name : Ubuntu Update for openssh vulnerability USN-566-1
File : nvt/gb_ubuntu_USN_566_1.nasl
2009-03-23 - Name : Ubuntu Update for openssh vulnerability USN-597-1
File : nvt/gb_ubuntu_USN_597_1.nasl
2009-03-23 - Name : Ubuntu Update for openssh vulnerability USN-612-2
File : nvt/gb_ubuntu_USN_612_2.nasl
2009-03-23 - Name : Ubuntu Update for openvpn vulnerability USN-612-3
File : nvt/gb_ubuntu_USN_612_3.nasl
2009-03-23 - Name : Ubuntu Update for ssl-cert vulnerability USN-612-4
File : nvt/gb_ubuntu_USN_612_4.nasl
2009-03-23 - Name : Ubuntu Update for openssh update USN-612-7
File : nvt/gb_ubuntu_USN_612_7.nasl
2009-03-06 - Name : RedHat Update for openssh RHSA-2008:0855-01
File : nvt/gb_RHSA-2008_0855-01_openssh.nasl
2009-02-27 - Name : Fedora Update for openssh FEDORA-2007-715
File : nvt/gb_fedora_2007_715_openssh_fc6.nasl
2008-09-24 - Name : Gentoo Security Advisory GLSA 200711-02 (openssh)
File : nvt/glsa_200711_02.nasl
2008-09-24 - Name : Gentoo Security Advisory GLSA 200804-03 (openssh)
File : nvt/glsa_200804_03.nasl
2008-09-04 - Name : FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
File : nvt/freebsdsa_openssh4.nasl
2008-09-04 - Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl)
File : nvt/ubuntu_usn-612.nasl
2008-05-27 - Name : Debian Security Advisory DSA 1571-1 (openssl)
File : nvt/deb_1571_1.nasl
2008-05-27 - Name : Debian Security Advisory DSA 1576-1 (openssh)
File : nvt/deb_1576_1.nasl
2008-05-27 - Name : Debian Security Advisory DSA 1576-2 (openssh)
File : nvt/deb_1576_2.nasl
0000-00-00 - Name : Slackware Advisory SSA:2007-255-01 openssh
File : nvt/esoft_slk_ssa_2007_255_01.nasl
0000-00-00 - Name : Slackware Advisory SSA:2008-095-01 openssh
File : nvt/esoft_slk_ssa_2008_095_01.nasl

Open Source Vulnerability Database (OSVDB)

id - Description
45503 - Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea...
45029 - OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp...
43745 - OpenSSH X11 Forwarding Local Session Hijacking
43371 - OpenSSH Trusted X11 Cookie Connection Policy Bypass

Information Assurance Vulnerability Management (IAVM)

Date - Description
2008-08-28 - IAVM : 2008-T-0046 - Red Hat OpenSSH Vulnerability
Severity : Category II - VMSKEY : V0017144

Nessus® Vulnerability Scanner

Date - Description
2013-07-12 - Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0855.nasl - Type : ACT_GATHER_INFO
2013-06-28 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-527.nasl - Type : ACT_GATHER_INFO
2013-03-09 - Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO
2013-03-09 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO
2012-08-01 - Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080822_openssh_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-04 - Name : Remote attackers may be able to bypass authentication.
File : openssh_47.nasl - Type : ACT_GATHER_INFO
2011-08-29 - Name : The SSH service running on the remote host has an information disclosure vuln...
File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2010-01-06 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0855.nasl - Type : ACT_GATHER_INFO
2009-09-24 - Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11931.nasl - Type : ACT_GATHER_INFO
2009-09-24 - Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12122.nasl - Type : ACT_GATHER_INFO
2009-04-23 - Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-078.nasl - Type : ACT_GATHER_INFO
2008-09-16 - Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO
2008-09-16 - Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO
2008-08-24 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0855.nasl - Type : ACT_GATHER_INFO
2008-08-20 - Name : The remote SSH service is affected by multiple vulnerabilities.
File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO
2008-05-22 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO
2008-05-19 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO
2008-05-16 - Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO
2008-05-16 - Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO
2008-05-16 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO
2008-05-15 - Name : The remote SSH host is set up to accept authentication with weak Debian SSH k...
File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO
2008-05-15 - Name : The remote SSL certificate uses a weak key.
File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-14 - Name : The remote SSH host keys are weak.
File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-13 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO
2008-04-11 - Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-095-01.nasl - Type : ACT_GATHER_INFO
2008-04-11 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-03.nasl - Type : ACT_GATHER_INFO
2008-04-11 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssh-5122.nasl - Type : ACT_GATHER_INFO
2008-04-11 - Name : The remote SuSE system is missing the security patch openssh-5148
File : suse_openssh-5148.nasl - Type : ACT_GATHER_INFO
2008-04-11 - Name : The remote SuSE system is missing the security patch openssh-5149
File : suse_openssh-5149.nasl - Type : ACT_GATHER_INFO
2008-04-04 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-597-1.nasl - Type : ACT_GATHER_INFO
2008-04-03 - Name : The remote SSH service is prone to an X11 session hijacking vulnerability.
File : openssh_50.nasl - Type : ACT_GATHER_INFO
2008-03-19 - Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-01-10 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-566-1.nasl - Type : ACT_GATHER_INFO
2007-12-13 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssh-4580.nasl - Type : ACT_GATHER_INFO
2007-12-07 - Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-236.nasl - Type : ACT_GATHER_INFO
2007-11-02 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-02.nasl - Type : ACT_GATHER_INFO
2007-10-30 - Name : The remote SuSE system is missing the security patch openssh-4579
File : suse_openssh-4579.nasl - Type : ACT_GATHER_INFO
2007-10-16 - Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-715.nasl - Type : ACT_GATHER_INFO
2007-09-14 - Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-255-01.nasl - Type : ACT_GATHER_INFO
2005-10-11 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-527.nasl - Type : ACT_GATHER_INFO

Alert History

Date - Information
2014-02-17 11:27:38 - Multiple Updates