Executive Summary
Summary | |
---|---|
Title | OpenSSH: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201405-06 | First vendor Publication | 2014-05-11 |
Vendor | Gentoo | Last vendor Modification | 2014-05-11 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Background Description Impact Workaround Resolution NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. References Availability http://security.gentoo.org/glsa/glsa-201405-06.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201405-06.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
17 % | CWE-399 | Resource Management Errors |
17 % | CWE-287 | Improper Authentication |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-255 | Credentials Management |
17 % | CWE-200 | Information Exposure |
17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11279 | |||
Oval ID: | oval:org.mitre.oval:def:11279 | ||
Title: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5161 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12338 | |||
Oval ID: | oval:org.mitre.oval:def:12338 | ||
Title: | Security bypass vulnerability in OpenSSH version 5.6 or lower | ||
Description: | OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4478 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | OpenSSH |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19515 | |||
Oval ID: | oval:org.mitre.oval:def:19515 | ||
Title: | AIX OpenSSH Vulnerability | ||
Description: | The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-5107 | Version: | 5 |
Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19595 | |||
Oval ID: | oval:org.mitre.oval:def:19595 | ||
Title: | HP-UX Running HP Secure Shell, Remote Denial of Service (DoS) | ||
Description: | The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-5107 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21581 | |||
Oval ID: | oval:org.mitre.oval:def:21581 | ||
Title: | RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low) | ||
Description: | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0884-04 CESA-2012:0884 CVE-2011-5000 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22951 | |||
Oval ID: | oval:org.mitre.oval:def:22951 | ||
Title: | ELSA-2009:1287: openssh security, bug fix, and enhancement update (Low) | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1287-02 CVE-2008-5161 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openssh |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23663 | |||
Oval ID: | oval:org.mitre.oval:def:23663 | ||
Title: | ELSA-2012:0884: openssh security, bug fix, and enhancement update (Low) | ||
Description: | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0884-04 CVE-2011-5000 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24391 | |||
Oval ID: | oval:org.mitre.oval:def:24391 | ||
Title: | USN-2155-1 -- openssh vulnerability | ||
Description: | OpenSSH incorrectly handled environment restrictions with wildcards. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2155-1 CVE-2014-2532 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24888 | |||
Oval ID: | oval:org.mitre.oval:def:24888 | ||
Title: | AIX OpenSSH Vulnerability | ||
Description: | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-2532 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25710 | |||
Oval ID: | oval:org.mitre.oval:def:25710 | ||
Title: | SUSE-SU-2013:1345-1 -- Security update for OpenSSH | ||
Description: | This update for OpenSSH provides the following fixes: * Implement remote denial of service hardening. (bnc#802639, CVE-2010-5107) * Use only FIPS 140-2 approved algorithms when FIPS mode is detected. (bnc#755505, bnc#821039) * Do not link OpenSSH binaries with LDAP libraries. (bnc#826906) Security Issue reference: * CVE-2010-5107 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107 > | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1345-1 CVE-2010-5107 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | OpenSSH |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26218 | |||
Oval ID: | oval:org.mitre.oval:def:26218 | ||
Title: | RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low) | ||
Description: | The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1591-02 CESA-2013:1591 CVE-2010-5107 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27087 | |||
Oval ID: | oval:org.mitre.oval:def:27087 | ||
Title: | DEPRECATED: RHSA-2013:1591 -- openssh security, bug fix, and enhancement update (Low) | ||
Description: | OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1591 CESA-2013:1591 CVE-2010-5107 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27211 | |||
Oval ID: | oval:org.mitre.oval:def:27211 | ||
Title: | ELSA-2013-1591 -- openssh security, bug fix, and enhancement update (low) | ||
Description: | [5.3p1-94] - use dracut-fips package to determine if a FIPS module is installed (#1001565) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1591 CVE-2010-5107 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27843 | |||
Oval ID: | oval:org.mitre.oval:def:27843 | ||
Title: | DEPRECATED: ELSA-2012-0884 -- openssh security, bug fix, and enhancement update (low) | ||
Description: | [5.3p1-81] - fixes in openssh-5.3p1-required-authentications.patch (#657378) [5.3p1-79] - fix forward on non-localhost ports with IPv6 (#732955) [5.3p1-78] - clear SELinux exec context before exec passwd (#814691) [5.3p1-77] - prevent post-auth resource exhaustion (#809938) [5.3p1-76] - don't escape backslah in a banner (#809619) [5.3p1-75] - fix various issues in openssh-5.3p1-required-authentications.patch (#805901) [5.3p1-74] - fix out-of-memory killer patch (#744236) [5.3p1-73] - remove openssh-4.3p2-no-v6only.patch (#732955) - adjust Linux out-of-memory killer (#744236) - fix sshd init script - check existence of crypto (#797384) - add RequiredAuthentications[12] (#657378) - run privsep slave process as the users SELinux context (#798241) [5.3p1-72] - drop CAVS test driver (#782091) [5.3p1-71] - enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI (#756929) - add CAVS test driver for the aes-ctr ciphers (#782091) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0884 CVE-2011-5000 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28386 | |||
Oval ID: | oval:org.mitre.oval:def:28386 | ||
Title: | HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities | ||
Description: | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-2532 | Version: | 8 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29350 | |||
Oval ID: | oval:org.mitre.oval:def:29350 | ||
Title: | RHSA-2009:1287 -- openssh security, bug fix, and enhancement update (Low) | ||
Description: | Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1287 CESA-2009:1287-CentOS 5 CVE-2008-5161 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssh |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for openssh CESA-2012:0884 centos6 File : nvt/gb_CESA-2012_0884_openssh_centos6.nasl |
2012-06-28 | Name : openssh-server Forced Command Handling Information Disclosure Vulnerability File : nvt/gb_openssh_51702.nasl |
2012-06-22 | Name : RedHat Update for openssh RHSA-2012:0884-04 File : nvt/gb_RHSA-2012_0884-04_openssh.nasl |
2011-08-09 | Name : CentOS Update for openssh CESA-2009:1287 centos5 i386 File : nvt/gb_CESA-2009_1287_openssh_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1287 (openssh) File : nvt/ovcesa2009_1287.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1287 File : nvt/RHSA_2009_1287.nasl |
2009-04-23 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/openssh_32319_remote.nasl |
2008-12-02 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/secpod_openssh_information_disclosure_vuln_900179.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75249 | OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS |
75248 | OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS |
69658 | OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass OpenSSH contains a flaw related to public parameter validation of the J-PAKE protocol. The issue is triggered when a remote attacker uses crafted values for each round of the protocol to avoid the requirement for the shared sacred and bypass authentication. |
50036 | OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure |
50035 | SSH Tectia Multiple Products CBC Mode Chosen Ciphertext 32-bit Chunk Plaintex... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-05-21 | IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS Severity : Category I - VMSKEY : V0060737 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-02 | OpenSSH maxstartup threshold potential connection exhaustion denial of servic... RuleID : 33654 - Revision : 6 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-15 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15780.nasl - Type : ACT_GATHER_INFO |
2016-03-22 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0038.nasl - Type : ACT_GATHER_INFO |
2016-03-10 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0033.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0030.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-3521.nasl - Type : ACT_GATHER_INFO |
2015-10-05 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO |
2015-06-30 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14741.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-095.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_ssh_20130716.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1591.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_openssh_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-369.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14609.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote AIX host has a vulnerable version of OpenSSH. File : aix_openssh_advisory4.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-140607.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-140606.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6569.nasl - Type : ACT_GATHER_INFO |
2014-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6380.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_openssh_advisory2.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_openssh_advisory.nasl - Type : ACT_GATHER_INFO |
2014-04-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-068.nasl - Type : ACT_GATHER_INFO |
2014-04-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2894.nasl - Type : ACT_GATHER_INFO |
2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-06.nasl - Type : ACT_GATHER_INFO |
2014-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2155-1.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The SSH server on the remote host is affected by multiple vulnerabilities. File : openssh_66.nasl - Type : ACT_GATHER_INFO |
2013-12-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_openssh_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1591.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1591.nasl - Type : ACT_GATHER_INFO |
2013-10-28 | Name : The SSH server is configured to use Cipher Block Chaining. File : ssh_cbc_supported_ciphers.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-99.nasl - Type : ACT_GATHER_INFO |
2013-08-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-130716.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0884.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote SSH service is susceptible to a remote denial of service attack. File : openssh_logingrace_dos.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-051.nasl - Type : ACT_GATHER_INFO |
2013-02-26 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2206.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2212.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-120813.nasl - Type : ACT_GATHER_INFO |
2012-08-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-8248.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120620_openssh_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0884.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0884.nasl - Type : ACT_GATHER_INFO |
2011-11-18 | Name : The SSH server on the remote host has multiple denial of service vulnerabilit... File : openssh_59.nasl - Type : ACT_GATHER_INFO |
2011-10-04 | Name : The remote SSH service may be affected by multiple vulnerabilities. File : openssh_57.nasl - Type : ACT_GATHER_INFO |
2011-09-27 | Name : The SSH service running on the remote host has an information disclosure vuln... File : openssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122300-61 File : solaris9_122300.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122301-61 File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-13 13:25:15 |
|
2014-05-11 17:21:38 |
|