>> Fedora Security Update Fixes OpenSSH Local Shell Injection Vulnerability

Title : Fedora Security Update Fixes OpenSSH Local Shell Injection Vulnerability
VUPEN ID : VUPEN/ADV-2006-0307
CVE ID : CVE-2006-0225
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2006-01-24


Technical Description

Fedora has released updated packages to address a vulnerability identified in OpenSSH. The flaw is in scp: when performing a local-to-local copy, it does not properly validate filenames supplied on the command line before passing them to the "system()" function. Malicious users could exploit this to inject and execute shell commands with the privileges of the user running scp. For additional information, see: VUPEN/ADV-2006-0306
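
The pattern described above, as an added example that is not OpenSSH's or Fedora's code: a simplified local copy helper written once with system() and once with an argument vector and no shell. The function names and the sample filename are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes (hypothetical helper): filenames are pasted
 * into a command line that system() hands to /bin/sh, so shell metacharacters
 * in a name are interpreted by the shell. Returns the shell's exit status. */
int copy_with_system(const char *src, const char *dst)
{
    char cmd[4096];
    int n = snprintf(cmd, sizeof(cmd), "cp %s %s", src, dst);
    if (n < 0 || (size_t)n >= sizeof(cmd))
        return -1;
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened form (hypothetical helper): no shell is involved. Each filename is
 * exactly one argv element, and "--" keeps cp from reading a leading '-' as an
 * option. Returns cp's exit status. */
int copy_with_exec(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127);                 /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Constructed sample input: a file whose name contains ';'. */
int main(void)
{
    const char *src = "demo;name.txt", *dst = "demo_copy.txt";
    FILE *f = fopen(src, "w");
    if (!f) return 1;
    fputs("data\n", f);
    fclose(f);
    printf("system(): exit %d\n", copy_with_system(src, dst)); /* shell splits the name */
    printf("exec:     exit %d\n", copy_with_exec(src, dst));   /* name stays literal */
    unlink(src); unlink(dst);
    return 0;
}
```

With the system() form the shell treats the text after ';' as a second command, so the copy fails; with the argument-vector form the same name is copied as an ordinary file.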

Affected Products

Fedora Core 4

Solution

Upgrade the affected packages to the openssh 4.2p1-fc4.10 builds from the Fedora Core 4 updates repository:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


References

http://www.vupen.com/english/advisories/2006/0307
http://www.frsirt.com/english/reference/4949

ChangeLog

2006-01-24 : Initial release
