Executive Summary
Summary | |
---|---|
Title | openssh security update |
Information | |||
---|---|---|---|
Name | RHSA-2006:0697 | First vendor Publication | 2006-09-28 |
Vendor | RedHat | Last vendor Modification | 2006-09-28 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description: Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)

All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

207955 - CVE-2006-4924 openssh DoS
208347 - CVE-2006-5051 unsafe GSSAPI signal handler
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0697.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-415 | Double Free |
50 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10178 | |||
Oval ID: | oval:org.mitre.oval:def:10178 | ||
Title: | Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | ||
Description: | Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5052 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10462 | |||
Oval ID: | oval:org.mitre.oval:def:10462 | ||
Title: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Description: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4924 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11387 | |||
Oval ID: | oval:org.mitre.oval:def:11387 | ||
Title: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
Description: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5051 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1193 | |||
Oval ID: | oval:org.mitre.oval:def:1193 | ||
Title: | Security Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the Host | ||
Description: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4924 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5019505.nasl |
2009-02-27 | Name : Fedora Update for openssh FEDORA-2007-394 File : nvt/gb_fedora_2007_394_openssh_fc6.nasl |
2009-02-27 | Name : Fedora Update for openssh FEDORA-2007-395 File : nvt/gb_fedora_2007_395_openssh_fc5.nasl |
2008-09-24 | Name : Debian Security Advisory DSA 1638-1 (openssh) File : nvt/deb_1638_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200609-17 (openssh) File : nvt/glsa_200609_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-06 (openssh) File : nvt/glsa_200611_06.nasl |
2008-09-04 | Name : FreeBSD Ports: openssh File : nvt/freebsd_openssh.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc) File : nvt/freebsdsa_openssh3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1189-1 (openssh-krb5) File : nvt/deb_1189_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6)) File : nvt/deb_1212_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-272-02 openssh File : nvt/esoft_slk_ssa_2006_272_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29266 | OpenSSH GSSAPI Authentication Abort Username Enumeration OpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. This difference in the system's response allows an attacker to determine which accounts are valid. |
29264 | OpenSSH Signal Handler Pre-authentication Race Condition Code Execution OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely. |
29152 | OpenSSH Identical Block Packet DoS OpenSSH contains a flaw that may allow a pre-authentication remote denial of service. The issue is triggered when SSH version 1 is used via an SSH packet that contains duplicate blocks, and will result in loss of availability for the service. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | OpenSSH sshd identical blocks DoS attempt RuleID : 17317 - Revision : 11 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6736.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0703.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_openssh_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071109_openssh_on_SL5.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1638.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-2184.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0703.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-355-1.nasl - Type : ACT_GATHER_INFO |
2007-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0540.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-2183.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-394.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-395.nasl - Type : ACT_GATHER_INFO |
2007-03-13 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-179.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_062.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1011.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-06.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1212.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1189.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_32db37a550c311dbacf3000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0698.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-272-02.nasl - Type : ACT_GATHER_INFO |
2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |
2006-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200609-17.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:50:15 |