|
|
>> Ubuntu Security Update Fixes OpenSSH Security Bypass Issues
|
Title : Ubuntu Security Update Fixes OpenSSH Security Bypass Issues
VUPEN ID : VUPEN/ADV-2005-2127
CVE ID : CVE-2005-2798
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-18
|
Ubuntu has released updated packages to correct two vulnerabilities identified in OpenSSH. The first issue is due to an error introduced in OpenSSH 4.0, which could cause "GatewayPorts" to be incorrectly activated for dynamic port forwarding when no listen address is explicitly specified. The second issue occurs when a user has GSSAPI authentication configured and "GSSAPIDelegateCredentials" is enabled, which could cause Kerberos credentials to be exposed to remote hosts. For additional information, see : VUPEN/ADV-2005-1624
Affected Products
Ubuntu 4.10
Ubuntu 5.04
Solution
Upgrade the affected package to version 1:3.8.1p1-11ubuntu3.2 (for Ubuntu 4.10), or 1:3.9p1-1ubuntu2.1 (for Ubuntu 5.04).
References
http://www.vupen.com/english/advisories/2005/2127
http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-October/000233.html
ChangeLog
2005-10-18 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
