Executive Summary
Summary | |
---|---|
Title | New openssh packages fix predictable randomness |
Informations | |||
---|---|---|---|
Name | DSA-1576 | First vendor Publication | 2008-05-14 |
Vendor | Debian | Last vendor Modification | 2008-05-16 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA 1576-1). This could cause some compromised keys not to be listed in ssh-vulnkey's output. This update also adds more information to ssh-vulnkey's manual page. For the stable distribution (etch), this problem has been fixed in version 1:4.3p2-9etch2 We recommend that you upgrade your openssh (1:4.3p2-9etch2) package. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1576 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-338 | Use of Cryptographically Weak PRNG |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10809 | |||
Oval ID: | oval:org.mitre.oval:def:10809 | ||
Title: | ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | ||
Description: | ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4752 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17406 | |||
Oval ID: | oval:org.mitre.oval:def:17406 | ||
Title: | USN-597-1 -- openssh vulnerability | ||
Description: | Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-597-1 CVE-2008-1483 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17500 | |||
Oval ID: | oval:org.mitre.oval:def:17500 | ||
Title: | USN-566-1 -- openssh vulnerability | ||
Description: | Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-566-1 CVE-2007-4752 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17595 | |||
Oval ID: | oval:org.mitre.oval:def:17595 | ||
Title: | USN-612-3 -- openvpn vulnerability | ||
Description: | Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases). | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-3 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openvpn |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17688 | |||
Oval ID: | oval:org.mitre.oval:def:17688 | ||
Title: | USN-612-1 -- openssl vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-1 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17770 | |||
Oval ID: | oval:org.mitre.oval:def:17770 | ||
Title: | USN-612-2 -- openssh vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-2 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssh |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17774 | |||
Oval ID: | oval:org.mitre.oval:def:17774 | ||
Title: | USN-612-4 -- ssl-cert vulnerability | ||
Description: | USN-612-1 fixed vulnerabilities in openssl. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-4 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | ssl-cert |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17807 | |||
Oval ID: | oval:org.mitre.oval:def:17807 | ||
Title: | USN-612-7 -- openssh update | ||
Description: | USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-7 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 6.06 | Product(s): | openssh |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18593 | |||
Oval ID: | oval:org.mitre.oval:def:18593 | ||
Title: | DSA-1576-1 openssh openssh-blacklist - predictable randomness | ||
Description: | The recently announced vulnerability in Debian's openssl package (<a href="/security/2008/dsa-1571">DSA-1571-1</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2008-0166">CVE-2008-0166</a>) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1576-1 CVE-2008-0166 CVE-2008-1483 CVE-2007-4752 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | openssh |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5599 | |||
Oval ID: | oval:org.mitre.oval:def:5599 | ||
Title: | HP-UX Running HP Secure Shell, Remotely Gain Extended Privileges | ||
Description: | ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4752 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6085 | |||
Oval ID: | oval:org.mitre.oval:def:6085 | ||
Title: | Security Vulnerability in Solaris SSH May Allow Unauthorized Access to X11 Sessions | ||
Description: | OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1483 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7978 | |||
Oval ID: | oval:org.mitre.oval:def:7978 | ||
Title: | DSA-1576 openssh -- predictable random number generator | ||
Description: | The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied. 1. Install the security updates This update contains a dependency on the openssl update and will automatically install a corrected version of the libssl0.9.8 package, and a new package openssh-blacklist. Once the update is applied, weak user keys will be automatically rejected where possible (though they cannot be detected in all cases). If you are using such keys for user authentication, they will immediately stop working and will need to be replaced (see step 3). OpenSSH host keys can be automatically regenerated when the OpenSSH security update is applied. The update will prompt for confirmation before taking this step. 2. Update OpenSSH known_hosts files The regeneration of host keys will cause a warning to be displayed when connecting to the system using SSH until the host key is updated in the known_hosts file. The warning will look like this: In this case, the host key has simply been changed, and you should update the relevant known_hosts file as indicated in the error message. It is recommended that you use a trustworthy channel to exchange the server key. It is found in the file /etc/ssh/ssh_host_rsa_key.pub on the server; its fingerprint can be printed using the command: ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub In addition to user-specific known_hosts files, there may be a system-wide known hosts file /etc/ssh/ssh_known_hosts. This is file is used both by the ssh client and by sshd for the hosts.equiv functionality. This file needs to be updated as well. 3. Check all OpenSSH user keys The safest course of action is to regenerate all OpenSSH user keys, except where it can be established to a high degree of certainty that the key was generated on an unaffected system. Check whether your key is affected by running the ssh-vulnkey tool, included in the security update. By default, ssh-vulnkey will check the standard location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity), your authorised_keys file (~/.ssh/authorised_keys and ~/.ssh/authorised_keys2), and the system's host keys (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key). To check all your own keys, assuming they are in the standard locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity): ssh-vulnkey To check all keys on your system: sudo ssh-vulnkey -a To check a key in a non-standard location: ssh-vulnkey /path/to/key If ssh-vulnkey says "Unknown (no blacklist information)", then it has no information about whether that key is affected. In this case, you can examine the modification time (mtime) of the file using "ls -l". Keys generated before September 2006 are not affected. Keep in mind that, although unlikely, backup procedures may have changed the file date back in time (or the system clock may have been incorrectly set). If in doubt, generate a new key and remove the old one from any servers. 4. Regenerate any affected user keys OpenSSH keys used for user authentication must be manually regenerated, including those which may have since been transferred to a different system after being generated. New keys can be generated using ssh-keygen, e.g.: 5. Update authorised_keys files (if necessary) Once the user keys have been regenerated, the relevant public keys must be propagated to any authorised_keys files (and authorised_keys2 files, if applicable) on remote systems. Be sure to delete the lines containing old keys from those files. In addition to countermeasures to mitigate the randomness vulnerability, this OpenSSH update fixes several other vulnerabilities: CVE-2008-1483: Timo Juhani Lindfors discovered that, when using X11 forwarding, the SSH client selects an X11 forwarding port without ensuring that it can be bound on all address families. If the system is configured with IPv6 (even if it does not have working IPv6 connectivity), this could allow a local attacker on the remote server to hijack X11 forwarding. CVE-2007-4752: Jan Pechanec discovered that ssh falls back to creating a trusted X11 cookie if creating an untrusted cookie fails, potentially exposing the local display to a malicious remote server when using X11 forwarding. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1576 CVE-2008-0166 CVE-2008-1483 CVE-2007-4752 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | openssh |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
2010-04-19 | Name : OpenSSH X Connections Session Hijacking Vulnerability File : nvt/gb_openssh_28444.nasl |
2010-02-03 | Name : Solaris Update for Kernel 122300-48 File : nvt/gb_solaris_122300_48.nasl |
2010-02-03 | Name : Solaris Update for Kernel 122301-48 File : nvt/gb_solaris_122301_48.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114357-18 File : nvt/gb_solaris_114357_18.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122300-44 File : nvt/gb_solaris_122300_44.nasl |
2009-10-13 | Name : Solaris Update for /usr/bin/ssh 114356-19 File : nvt/gb_solaris_114356_19.nasl |
2009-10-13 | Name : Solaris Update for Kernel 122301-44 File : nvt/gb_solaris_122301_44.nasl |
2009-10-13 | Name : SLES10: Security update for OpenSSH File : nvt/sles10_openssh0.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5016761.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5023096.nasl |
2009-09-23 | Name : Solaris Update for Kernel 122301-42 File : nvt/gb_solaris_122301_42.nasl |
2009-06-03 | Name : Solaris Update for kernel 137137-09 File : nvt/gb_solaris_137137_09.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122301-40 File : nvt/gb_solaris_122301_40.nasl |
2009-06-03 | Name : Solaris Update for kernel 137138-09 File : nvt/gb_solaris_137138_09.nasl |
2009-06-03 | Name : Solaris Update for Kernel 122300-40 File : nvt/gb_solaris_122300_40.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114357-17 File : nvt/gb_solaris_114357_17.nasl |
2009-06-03 | Name : Solaris Update for /usr/bin/ssh 114356-18 File : nvt/gb_solaris_114356_18.nasl |
2009-05-05 | Name : HP-UX Update for HP-UX Secure Shell HPSBUX02337 File : nvt/gb_hp_ux_HPSBUX02337.nasl |
2009-05-05 | Name : HP-UX Update for HP Secure Shell HPSBUX02287 File : nvt/gb_hp_ux_HPSBUX02287.nasl |
2009-04-09 | Name : Mandriva Update for openssh MDVSA-2008:078 (openssh) File : nvt/gb_mandriva_MDVSA_2008_078.nasl |
2009-04-09 | Name : Mandriva Update for openssh MDKSA-2007:236 (openssh) File : nvt/gb_mandriva_MDKSA_2007_236.nasl |
2009-03-23 | Name : Ubuntu Update for openssh update USN-612-7 File : nvt/gb_ubuntu_USN_612_7.nasl |
2009-03-23 | Name : Ubuntu Update for ssl-cert vulnerability USN-612-4 File : nvt/gb_ubuntu_USN_612_4.nasl |
2009-03-23 | Name : Ubuntu Update for openssh vulnerability USN-566-1 File : nvt/gb_ubuntu_USN_566_1.nasl |
2009-03-23 | Name : Ubuntu Update for openssh vulnerability USN-597-1 File : nvt/gb_ubuntu_USN_597_1.nasl |
2009-03-23 | Name : Ubuntu Update for openssh vulnerability USN-612-2 File : nvt/gb_ubuntu_USN_612_2.nasl |
2009-03-23 | Name : Ubuntu Update for openvpn vulnerability USN-612-3 File : nvt/gb_ubuntu_USN_612_3.nasl |
2009-03-06 | Name : RedHat Update for openssh RHSA-2008:0855-01 File : nvt/gb_RHSA-2008_0855-01_openssh.nasl |
2009-02-27 | Name : Fedora Update for openssh FEDORA-2007-715 File : nvt/gb_fedora_2007_715_openssh_fc6.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-02 (openssh) File : nvt/glsa_200711_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-03 (openssh) File : nvt/glsa_200804_03.nasl |
2008-09-04 | Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl) File : nvt/ubuntu_usn-612.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc) File : nvt/freebsdsa_openssh4.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-2 (openssh) File : nvt/deb_1576_2.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-1 (openssh) File : nvt/deb_1576_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1571-1 (openssl) File : nvt/deb_1571_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-095-01 openssh File : nvt/esoft_slk_ssa_2008_095_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-255-01 openssh File : nvt/esoft_slk_ssa_2007_255_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45503 | Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea... |
45029 | OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp... |
43745 | OpenSSH X11 Forwarding Local Session Hijacking |
43371 | OpenSSH Trusted X11 Cookie Connection Policy Bypass |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-08-28 | IAVM : 2008-T-0046 - Red Hat OpenSSH Vulnerability Severity : Category II - VMSKEY : V0017144 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-12-14 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-1351.nasl - Type : ACT_GATHER_INFO |
2017-12-08 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-3230-1.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_ssh_advisory.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0855.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-527.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080822_openssh_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-10-04 | Name : Remote attackers may be able to bypass authentication. File : openssh_47.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0855.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12122.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11931.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-078.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |
2008-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0855.nasl - Type : ACT_GATHER_INFO |
2008-08-20 | Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSH host is set up to accept authentication with weak Debian SSH k... File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSL certificate uses a weak key. File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-14 | Name : The remote SSH host keys are weak. File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-095-01.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-03.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-5149.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-5148.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-5122.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-597-1.nasl - Type : ACT_GATHER_INFO |
2008-04-03 | Name : The remote SSH service is prone to an X11 session hijacking vulnerability. File : openssh_50.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-566-1.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-4580.nasl - Type : ACT_GATHER_INFO |
2007-12-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-236.nasl - Type : ACT_GATHER_INFO |
2007-11-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-02.nasl - Type : ACT_GATHER_INFO |
2007-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-4579.nasl - Type : ACT_GATHER_INFO |
2007-10-16 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-715.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-255-01.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-527.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:38 |
|