[CentOS] OpenVAS Vulnerability

Kaushal Shriyan kaushalshriyan at gmail.com
Sat May 21 01:17:38 UTC 2011


Hi,

Please advice me about the below reported vulnerability.

High
OpenSSH X Connections Session Hijacking Vulnerability
Risk: High
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100584
Overview:
OpenSSH is prone to a vulnerability that allows attackers to hijack
forwarded X connections.
Successfully exploiting this issue may allow an attacker run arbitrary
shell commands with the privileges of the user running the affected
application.
This issue affects OpenSSH 4.3p2; other versions may also be affected.
NOTE: This issue affects the portable version of OpenSSH and may not
affect OpenSSH running on OpenBSD.
Solution:
Updates are available. Please see the references for more information.
References:
http://www.securityfocus.com/bid/28444
http://support.apple.com/kb/HT3137
http://www.openbsd.org/errata41.html
http://www.openbsd.org/errata42.html
http://www.openbsd.org/errata43.html
http://www.openssh.com/txt/release-5.0
http://www.openssh.com
http://sourceforge.net/project/shownotes.php?release_id=590180
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
http://www.securityfocus.com/archive/1/492447
http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
http://support.avaya.com/elmodocs2/security/ASA-2008-205.htm
http://www.globus.org/mail_archive/security-announce/2008/04/msg00000.html
http://support.attachmate.com/techdocs/2374.html#Security_Updates_in_7.0_SP1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237444-1
CVE : CVE-2008-1483
BID : 28444
Medium
OpenSSH CBC Mode Information Disclosure Vulnerability
Risk: Medium
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100153
Overview: The host is installed with OpenSSH and is prone to information
disclosure vulnerability.
Vulnerability Insight:
The flaw is caused due to the improper handling of errors within an SSH session
encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode.
Impact:
Successful exploits will allow attackers to obtain four bytes of plaintext from
an encrypted session.
Impact Level: Application
Affected Software/OS:
Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia
are also affected.
Fix: Upgrade to higher version
http://www.openssh.com/portable.html
References:
http://www.securityfocus.com/bid/32319
CVE : CVE-2008-5161
BID : 32319

Regards,

Kaushal



More information about the CentOS mailing list