Executive Summary
| Summary | |
|---|---|
| Title | Updated openssh packages fix vulnerability |
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2008:098 | First vendor Publication | 2008-05-06 |
| Vendor | Mandriva | Last vendor Modification | 2008-05-06 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc (CVE-2008-1657). The updated packages have been patched to correct this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:098 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-04-09 | Name : Mandriva Update for openssh MDVSA-2008:098 (openssh) File : nvt/gb_mandriva_MDVSA_2008_098.nasl |
| 2009-03-23 | Name : Ubuntu Update for openssh vulnerabilities USN-649-1 File : nvt/gb_ubuntu_USN_649_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-03 (openssh) File : nvt/glsa_200804_03.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43911 | OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_ssh_advisory.nasl - Type : ACT_GATHER_INFO |
| 2011-10-04 | Name : The remote SSH service is affected by a security bypass vulnerability. File : openssh_49.nasl - Type : ACT_GATHER_INFO |
| 2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-098.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO |
| 2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
| 2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |
| 2008-08-20 | Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-03.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-5149.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:39:23 |
|
