Mandriva Security Update Fixes OpenSSH Security Bypass Issues

VUPEN ID : VUPEN/ADV-2005-1979
CVE ID : CVE-2005-2798
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-07

Mandriva has released updated packages to correct two vulnerabilities identified in OpenSSH. The first issue is due to an error introduced in OpenSSH 4.0, which could cause "GatewayPorts" to be incorrectly activated for dynamic port forwarding when no listen address is explicitly specified. The second issue occurs when a user has GSSAPI authentication configured and "GSSAPIDelegateCredentials" is enabled, which could cause Kerberos credentials to be exposed to remote hosts. For additional information, see : VUPEN/ADV-2005-1624
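
As an added example (not part of the original advisory and not OpenSSH code), the following Python script audits a client ssh_config for the two settings described above: DynamicForward entries with no explicit listen address, and GSSAPIDelegateCredentials set to yes. The sample configuration, the host names in it and the function name audit are constructed for illustration.

```python
import re

# Constructed sample ssh_config, for illustration only.
SAMPLE_CONFIG = """\
Host bastion
    DynamicForward 1080
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

Host internal
    DynamicForward 127.0.0.1:1081
    GSSAPIDelegateCredentials no

Host lab
    dynamicforward=[::1]:1082
"""

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def audit(config_text):
    """Return (host pattern, line number, finding) tuples for the two settings."""
    findings = []
    host = "*"  # options before the first Host line apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "host":
            host = value
        elif keyword == "dynamicforward":
            # Argument is [bind_address:]port or bind_address/port;
            # a bare port means no listen address was specified.
            if ":" not in value and "/" not in value:
                findings.append((host, lineno, "DynamicForward without listen address"))
        elif keyword == "gssapidelegatecredentials" and value.lower() == "yes":
            findings.append((host, lineno, "GSSAPIDelegateCredentials enabled"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Pass it the contents of a user's ~/.ssh/config or the system-wide ssh_config; forwards given on the command line are not covered by this check.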
Affected Products
Mandrivalinux 10.2
Solution
Use MandrakeUpdate to apply patches :
Mandrivalinux 10.2:
5b16f3323d58303c290bf4b8c4e2a4b3 10.2/RPMS/openssh-3.9p1-9.1.102mdk.i586.rpm
2a7fca4e1c99008a53cb9498c1bd9840 10.2/RPMS/openssh-askpass-3.9p1-9.1.102mdk.i586.rpm
65f397d175fb638d0e73912a7e9faa7d 10.2/RPMS/openssh-askpass-gnome-3.9p1-9.1.102mdk.i586.rpm
2733baa7c0258da37920d66a7f1ee9d3 10.2/RPMS/openssh-clients-3.9p1-9.1.102mdk.i586.rpm
a93cd3020e41bd6b25c3fa57ca8586f8 10.2/RPMS/openssh-server-3.9p1-9.1.102mdk.i586.rpm
f90cfc307f313e14ddd919fc729f1984 10.2/SRPMS/openssh-3.9p1-9.1.102mdk.src.rpm
Mandrivalinux 10.2/X86_64:
545f0245578cee586f2ded4b3616061a x86_64/10.2/RPMS/openssh-3.9p1-9.1.102mdk.x86_64.rpm
98962ab477d7cc19338d04acdb462ec1 x86_64/10.2/RPMS/openssh-askpass-3.9p1-9.1.102mdk.x86_64.rpm
0935a8dd00cdb2604e6fd37a6913cb91 x86_64/10.2/RPMS/openssh-askpass-gnome-3.9p1-9.1.102mdk.x86_64.rpm
7c124895fc7fad47d1e88ee3ebe91daf x86_64/10.2/RPMS/openssh-clients-3.9p1-9.1.102mdk.x86_64.rpm
27bc59e934f3d196470611cc4e9dd430 x86_64/10.2/RPMS/openssh-server-3.9p1-9.1.102mdk.x86_64.rpm
f90cfc307f313e14ddd919fc729f1984 x86_64/10.2/SRPMS/openssh-3.9p1-9.1.102mdk.src.rpm
References
http://www.vupen.com/english/advisories/2005/1979
http://archives.mandrivalinux.com/security-announce/2005-10/msg00002.php
ChangeLog
2005-10-07 : Initial release