Executive Summary
Summary | |
---|---|
Title | OpenSSH update |
Information | |||
---|---|---|---|
Name | USN-612-7 | First vendor Publication | 2008-05-20 |
Vendor | Ubuntu | Last vendor Modification | 2008-05-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves.
Original advisory details:
A weakness has been discovered in the random number generator used
Original Source
Url : http://www.ubuntu.com/usn/USN-612-7 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-338 | Use of Cryptographically Weak PRNG |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17595 | |||
Oval ID: | oval:org.mitre.oval:def:17595 | ||
Title: | USN-612-3 -- openvpn vulnerability | ||
Description: | Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases). | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-3 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openvpn |
Definition Id: oval:org.mitre.oval:def:17688 | |||
Oval ID: | oval:org.mitre.oval:def:17688 | ||
Title: | USN-612-1 -- openssl vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-1 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:17770 | |||
Oval ID: | oval:org.mitre.oval:def:17770 | ||
Title: | USN-612-2 -- openssh vulnerability | ||
Description: | A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-2 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | openssh |
Definition Id: oval:org.mitre.oval:def:17774 | |||
Oval ID: | oval:org.mitre.oval:def:17774 | ||
Title: | USN-612-4 -- ssl-cert vulnerability | ||
Description: | USN-612-1 fixed vulnerabilities in openssl. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-4 CVE-2008-0166 | Version: | 7 |
Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | ssl-cert |
Definition Id: oval:org.mitre.oval:def:17807 | |||
Oval ID: | oval:org.mitre.oval:def:17807 | ||
Title: | USN-612-7 -- openssh update | ||
Description: | USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-612-7 CVE-2008-0166 | Version: | 5 |
Platform(s): | Ubuntu 6.06 | Product(s): | openssh |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for openssh vulnerability USN-612-2 File : nvt/gb_ubuntu_USN_612_2.nasl |
2009-03-23 | Name : Ubuntu Update for openvpn vulnerability USN-612-3 File : nvt/gb_ubuntu_USN_612_3.nasl |
2009-03-23 | Name : Ubuntu Update for ssl-cert vulnerability USN-612-4 File : nvt/gb_ubuntu_USN_612_4.nasl |
2009-03-23 | Name : Ubuntu Update for openssh update USN-612-7 File : nvt/gb_ubuntu_USN_612_7.nasl |
2008-09-04 | Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl) File : nvt/ubuntu_usn-612.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1571-1 (openssl) File : nvt/deb_1571_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-1 (openssh) File : nvt/deb_1576_1.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1576-2 (openssh) File : nvt/deb_1576_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45503 | Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea... |
45029 | OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO |
2008-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSH host is set up to accept authentication with weak Debian SSH k... File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO |
2008-05-15 | Name : The remote SSL certificate uses a weak key. File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-14 | Name : The remote SSH host keys are weak. File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:08 |
|
2013-05-11 00:55:41 |
|