Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5586.NASL
HistoryDec 22, 2023 - 12:00 a.m.

Debian DSA-5586-1 : openssh - security update

2023-12-2200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
58
debian 11
debian 12
openssh
cve-2021-41617
cve-2023-28531
terrapin attack
cve-2023-48795
cve-2023-51384
cve-2023-51385
nessus

8 High

AI Score

Confidence

High

JSON

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5586 advisory.

  • sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
    (CVE-2021-41617)

  • ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. (CVE-2023-28531)

  • The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH’s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. (CVE-2023-48795)

  • In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. (CVE-2023-51384)

  • In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
    (CVE-2023-51385)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5586. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(187213);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/04");

  script_cve_id(
    "CVE-2021-41617",
    "CVE-2023-28531",
    "CVE-2023-48795",
    "CVE-2023-51384",
    "CVE-2023-51385"
  );
  script_xref(name:"IAVA", value:"2021-A-0474-S");
  script_xref(name:"IAVA", value:"2023-A-0152-S");
  script_xref(name:"IAVA", value:"2023-A-0701");
  script_xref(name:"IAVA", value:"2023-A-0703");

  script_name(english:"Debian DSA-5586-1 : openssh - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5586 advisory.

  - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows
    privilege escalation because supplemental groups are not initialized as expected. Helper programs for
    AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group
    memberships of the sshd process, if the configuration specifies running the command as a different user.
    (CVE-2021-41617)

  - ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination
    constraints. The earliest affected version is 8.9. (CVE-2023-28531)

  - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other
    products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the
    extension negotiation message), and a client and server may consequently end up with a connection for
    which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because
    the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and
    mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of
    ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and
    (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API
    before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80,
    AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0,
    Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15,
    SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH
    through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang
    XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd
    through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and
    LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3,
    Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server
    before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the
    mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh
    crate before 0.40.2 for Rust. (CVE-2023-48795)

  - In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When
    destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints
    are only applied to the first key, even if a PKCS#11 token returns multiple keys. (CVE-2023-51384)

  - In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell
    metacharacters, and this name is referenced by an expansion token in certain situations. For example, an
    untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
    (CVE-2023-51385)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995130");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/openssh");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/openssh");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5586");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-41617");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-28531");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-48795");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51384");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-51385");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/openssh");
  script_set_attribute(attribute:"solution", value:
"Upgrade the openssh packages.

For the stable distribution (bookworm), these problems have been fixed in version 1");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41617");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-28531");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-client-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-server-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-sftp-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssh-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ssh-askpass-gnome");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'openssh-client', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'openssh-client-udeb', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'openssh-server', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'openssh-server-udeb', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'openssh-sftp-server', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'openssh-tests', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'ssh', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '11.0', 'prefix': 'ssh-askpass-gnome', 'reference': '1:8.4p1-5+deb11u3'},
    {'release': '12.0', 'prefix': 'openssh-client', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'openssh-client-udeb', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'openssh-server', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'openssh-server-udeb', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'openssh-sftp-server', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'openssh-tests', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'ssh', 'reference': '1:9.2p1-2+deb12u2'},
    {'release': '12.0', 'prefix': 'ssh-askpass-gnome', 'reference': '1:9.2p1-2+deb12u2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh-client / openssh-client-udeb / openssh-server / etc');
}
VendorProductVersionCPE
debiandebian_linuxopenssh-serverp-cpe:/a:debian:debian_linux:openssh-server
debiandebian_linux11.0cpe:/o:debian:debian_linux:11.0
debiandebian_linuxopenssh-client-udebp-cpe:/a:debian:debian_linux:openssh-client-udeb
debiandebian_linuxssh-askpass-gnomep-cpe:/a:debian:debian_linux:ssh-askpass-gnome
debiandebian_linuxopenssh-sftp-serverp-cpe:/a:debian:debian_linux:openssh-sftp-server
debiandebian_linuxopenssh-clientp-cpe:/a:debian:debian_linux:openssh-client
debiandebian_linuxopenssh-server-udebp-cpe:/a:debian:debian_linux:openssh-server-udeb
debiandebian_linuxopenssh-testsp-cpe:/a:debian:debian_linux:openssh-tests
debiandebian_linuxsshp-cpe:/a:debian:debian_linux:ssh
debiandebian_linux12.0cpe:/o:debian:debian_linux:12.0

Related

debian 2
openvas 41
ubuntu 4
osv 13
nessus 61
cloudfoundry 2
ibm 8
redos 2
fedora 3
aix 1
mageia 2
oraclelinux 6
almalinux 2
redhat 6
rocky 2
gentoo 1
veracode 4
photon 3
cbl_mariner 3
ubuntucve 4
alpinelinux 3
redhatcve 4
prion 3
cve 3
freebsd_advisory 1
freebsd 1
debiancve 3
f5 3
amazon 2
paloalto 1
broadcom 1
cloudlinux 1
suse 1
centos 1
rosalinux 1
debian
debian
[SECURITY] [DSA 5586-1] openssh security update
2023-12-22 08:59:42
[SECURITY] [DLA 3694-1] openssh security update
2023-12-26 02:23:02
openvas
openvas
Debian: Security Advisory (DSA-5586-1)
2023-12-25 00:00:00
Fedora: Security Advisory for openssh (FEDORA-2024-7e301327c2)
2024-01-18 00:00:00
OpenBSD OpenSSH < 9.6 Multiple Vulnerabilities (Terrapin Attack)
2023-12-20 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2024-01-03 00:00:00
OpenSSH vulnerabilities
2023-12-19 00:00:00
OpenSSH vulnerabilities
2024-01-11 00:00:00
osv
osv
openssh vulnerabilities
2024-01-03 18:00:01
openssh - security update
2023-12-25 00:00:00
openssh vulnerabilities
2023-12-19 13:02:10
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6565-1)
2024-01-03 00:00:00
OpenSSH < 9.6 Multiple Vulnerabilities
2023-12-22 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)
2023-12-19 00:00:00
cloudfoundry
cloudfoundry
USN-6565-1: OpenSSH vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
USN-6560-1: OpenSSH vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
ibm
ibm
Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH
2024-03-14 20:09:59
Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in OpenSSH. (CVE-2021-41617)
2022-07-07 10:45:43
Security Bulletin: OpenSSH for IBM i is affected by CVE-2021-41617
2021-12-01 23:03:59
redos
redos
ROS-20240319-01
2024-03-19 00:00:00
ROS-20230911-06
2023-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: openssh-9.3p1-10.fc39
2024-01-12 01:12:26
[SECURITY] Fedora 38 Update: openssh-9.0p1-18.fc38
2024-01-23 01:22:50
[SECURITY] Fedora 38 Update: openssh-9.0p1-19.fc38
2024-02-12 01:52:39
aix
aix
AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795) arbitrary command execution (CVE-2023-51385) and information disclosure (CVE-2023-51384) due to OpenSSH
2024-02-28 12:58:51
mageia
mageia
Updated openssh packages fix security vulnerabilities
2024-01-15 01:23:43
Updated openssh packages fix security vulnerability
2021-12-19 15:26:08
oraclelinux
oraclelinux
openssh security update
2024-02-14 00:00:00
openssh security update
2024-02-01 00:00:00
openssh security update
2024-03-06 00:00:00
almalinux
almalinux
Moderate: openssh security update
2024-01-30 00:00:00
Moderate: openssh security update
2024-03-05 00:00:00
redhat
redhat
(RHSA-2024:0455) Moderate: openssh security update
2024-01-24 14:40:54
(RHSA-2024:1130) Moderate: openssh security update
2024-03-05 15:32:06
(RHSA-2024:0606) Moderate: openssh security update
2024-01-30 14:30:50
rocky
rocky
openssh security update
2024-02-12 20:17:16
openssh security, bug fix, and enhancement update
2022-05-10 06:45:24
gentoo
gentoo
OpenSSH: Multiple Vulnerabilities
2023-12-28 00:00:00
veracode
veracode
Privilege Escalation
2023-06-07 06:26:47
Improper Authentication
2024-01-30 17:07:03
OS Command Injection
2024-01-30 17:07:03
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0188
2024-01-10 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0444
2023-08-02 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0440
2021-10-10 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-51384 affecting package openssh for versions less than 8.9p1-3
2024-01-04 19:54:01
CVE-2023-28531 affecting package openssh 8.9p1-1
2023-06-27 21:25:25
CVE-2023-51385 affecting package openssh for versions less than 8.9p1-3
2024-01-04 19:54:01
ubuntucve
ubuntucve
CVE-2023-51384
2023-12-20 00:00:00
CVE-2023-28531
2023-03-17 00:00:00
CVE-2023-51385
2023-12-20 00:00:00
alpinelinux
alpinelinux
CVE-2023-28531
2023-03-17 04:15:14
CVE-2023-51384
2023-12-18 19:15:08
CVE-2023-51385
2023-12-18 19:15:08
redhatcve
redhatcve
CVE-2023-51384
2023-12-19 21:35:06
CVE-2023-28531
2023-03-17 12:43:10
CVE-2023-51385
2023-12-19 21:34:54
prion
prion
Code injection
2023-12-18 19:15:00
Code injection
2023-03-17 04:15:00
Command injection
2023-12-18 19:15:00
cve
cve
CVE-2023-28531
2023-03-17 04:15:14
CVE-2023-51384
2023-12-18 19:15:08
CVE-2023-51385
2023-12-18 19:15:08
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:05.openssh
2023-06-21 00:00:00
freebsd
freebsd
FreeBSD -- ssh-add does not honor per-hop destination constraints
2023-06-21 00:00:00
debiancve
debiancve
CVE-2023-28531
2023-03-17 04:15:14
CVE-2023-51384
2023-12-18 19:15:08
CVE-2023-51385
2023-12-18 19:15:08
f5
f5
K000138825 : OpenSSH vulnerability CVE-2023-51384
2024-03-05 00:00:00
K000133517 : OpenSSH vulnerability CVE-2023-28531
2023-04-14 00:00:00
K000138827 : OpenSSH vulnerability CVE-2023-51385
2024-03-06 00:00:00
amazon
amazon
Medium: openssh
2024-03-27 21:32:00
Medium: openssh
2022-02-03 19:30:00
paloalto
paloalto
Informational: Impact of the OpenSSH Vulnerability CVE-2021-41617 on PAN-OS
2021-11-30 18:15:00
broadcom
broadcom
A flaw in OpenSSH helper programs could lead to local privilege escalation
2023-08-01 00:00:00
cloudlinux
cloudlinux
openssh: Fix of CVE-2023-51385
2023-12-28 17:39:04
suse
suse
Security update for openssh (important)
2021-12-06 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2021-12-01 19:19:31
rosalinux
rosalinux
Advisory ROSA-SA-2024-2340
2024-02-14 09:58:40

8 High

AI Score

Confidence

High

JSON
Related for DEBIAN_DSA-5586.NASL
debian2openvas41ubuntu4osv13nessus61cloudfoundry2ibm8redos2fedora3aix1mageia2oraclelinux6almalinux2redhat6rocky2gentoo1veracode4photon3cbl_mariner3ubuntucve4alpinelinux3redhatcve4prion3cve3freebsd_advisory1freebsd1debiancve3f53amazon2paloalto1broadcom1cloudlinux1suse1centos1rosalinux1