Executive Summary
Summary | |
---|---|
Title | openssh security, bug fix, and enhancement update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1287 | First vendor Publication | 2009-09-02 |
Vendor | RedHat | Last vendor Modification | 2009-09-02 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This update helps mitigate this attack: OpenSSH clients and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server now reads SSH packets up to their full possible length when corruption is detected, rather than reporting errors early, reducing the possibility of successful plain text recovery. (CVE-2008-5161) This update also fixes the following bug: * the ssh client hung when trying to close a session in which a background process still held tty file descriptors open. With this update, this so-called "hang on exit" error no longer occurs and the ssh client closes the session immediately. (BZ#454812) In addition, this update adds the following enhancements: * the SFTP server can now chroot users to various directories, including a user's home directory, after log in. A new configuration option -- ChrootDirectory -- has been added to "/etc/ssh/sshd_config" for setting this up (the default is not to chroot users). Details regarding configuring this new option are in the sshd_config(5) manual page. (BZ#440240) * the executables which are part of the OpenSSH FIPS module which is being validated will check their integrity and report their FIPS mode status to the system log or to the terminal. (BZ#467268, BZ#492363) All OpenSSH users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 440240 - request to add chroot sftp capabilty into openssh-server 472068 - CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1287.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11279 | |||
Oval ID: | oval:org.mitre.oval:def:11279 | ||
Title: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5161 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22951 | |||
Oval ID: | oval:org.mitre.oval:def:22951 | ||
Title: | ELSA-2009:1287: openssh security, bug fix, and enhancement update (Low) | ||
Description: | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1287-02 CVE-2008-5161 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openssh |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29350 | |||
Oval ID: | oval:org.mitre.oval:def:29350 | ||
Title: | RHSA-2009:1287 -- openssh security, bug fix, and enhancement update (Low) | ||
Description: | Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1287 CESA-2009:1287-CentOS 5 CVE-2008-5161 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssh |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for openssh CESA-2009:1287 centos5 i386 File : nvt/gb_CESA-2009_1287_openssh_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for openssh CESA-2009:1470 centos5 i386 File : nvt/gb_CESA-2009_1470_openssh_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2009-10-06 | Name : RedHat Security Advisory RHSA-2009:1470 File : nvt/RHSA_2009_1470.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1287 (openssh) File : nvt/ovcesa2009_1287.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1287 File : nvt/RHSA_2009_1287.nasl |
2009-04-23 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/openssh_32319_remote.nasl |
2008-12-02 | Name : OpenSSH CBC Mode Information Disclosure Vulnerability File : nvt/secpod_openssh_information_disclosure_vuln_900179.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50036 | OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure |
50035 | SSH Tectia Multiple Products CBC Mode Chosen Ciphertext 32-bit Chunk Plaintex... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14609.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO |
2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSH. File : aix_openssh_advisory.nasl - Type : ACT_GATHER_INFO |
2013-10-28 | Name : The SSH server is configured to use Cipher Block Chaining. File : ssh_cbc_supported_ciphers.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1470.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090930_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssh_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-09-27 | Name : The SSH service running on the remote host has an information disclosure vuln... File : openssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2010-03-05 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1470.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-10-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1470.nasl - Type : ACT_GATHER_INFO |
2009-09-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1287.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122300-61 File : solaris9_122300.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122301-61 File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:49 |
|
2013-01-23 13:23:19 |
|