Executive Summary
| Summary | |
|---|---|
| Title | OpenSSH vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-649-1 | First vendor Publication | 2008-10-01 |
| Vendor | Ubuntu | Last vendor Modification | 2008-10-01 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. (CVE-2008-1657) USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixes for this issue were incomplete. A remote attacker could attempt multiple logins, filling all available connection slots, leading to a denial of service. This only affected Ubuntu 6.06 and 7.04. (CVE-2008-4109) |
Original Source
| Url : http://www.ubuntu.com/usn/USN-649-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17752 | |||
| Oval ID: | oval:org.mitre.oval:def:17752 | ||
| Title: | USN-649-1 -- openssh vulnerabilities | ||
| Description: | It was discovered that the ForceCommand directive could be bypassed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-649-1 CVE-2008-1657 CVE-2008-4109 | Version: | 5 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | openssh |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8085 | |||
| Oval ID: | oval:org.mitre.oval:def:8085 | ||
| Title: | DSA-1638 openssh -- denial of service | ||
| Description: | It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109). The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect. Systems affected by this issue suffer from lots of zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, a sufficient number of processes may accumulate such that further login attempts are impossible. Presence of these processes does not indicate active exploitation of this vulnerability. It is possible to trigger this denial of service condition by accident. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1638 CVE-2006-5051 CVE-2008-4109 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | openssh |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-13 | Name : SLES10: Security update for OpenSSH File : nvt/sles10_openssh.nasl |
| 2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5036180.nasl |
| 2009-04-09 | Name : Mandriva Update for openssh MDVSA-2008:098 (openssh) File : nvt/gb_mandriva_MDVSA_2008_098.nasl |
| 2009-03-23 | Name : Ubuntu Update for openssh vulnerabilities USN-649-1 File : nvt/gb_ubuntu_USN_649_1.nasl |
| 2008-09-24 | Name : Debian Security Advisory DSA 1638-1 (openssh) File : nvt/deb_1638_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-03 (openssh) File : nvt/glsa_200804_03.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43911 | OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution |
| 29264 | OpenSSH Signal Handler Pre-authentication Race Condition Code Execution OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_ssh_advisory.nasl - Type : ACT_GATHER_INFO |
| 2011-10-04 | Name : The remote SSH service is affected by a security bypass vulnerability. File : openssh_49.nasl - Type : ACT_GATHER_INFO |
| 2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12257.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-098.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO |
| 2008-10-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-5627.nasl - Type : ACT_GATHER_INFO |
| 2008-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1638.nasl - Type : ACT_GATHER_INFO |
| 2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
| 2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |
| 2008-08-20 | Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-03.nasl - Type : ACT_GATHER_INFO |
| 2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-5149.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-355-1.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-179.nasl - Type : ACT_GATHER_INFO |
| 2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:05:19 |
|
| 2013-05-11 00:55:47 |
|
