Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.FEDORA_2006-056.NASL
HistoryJan 24, 2006 - 12:00 a.m.

Fedora Core 4 : openssh-4.2p1-fc4.10 (2006-056)

2006-01-2400:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
17
JSON

This is a minor security update which fixes double shell expansion in local to local and remote to remote copy with scp. It also fixes a few other minor non-security issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2006-056.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20802);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2006-0225");
  script_xref(name:"FEDORA", value:"2006-056");

  script_name(english:"Fedora Core 4 : openssh-4.2p1-fc4.10 (2006-056)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is a minor security update which fixes double shell expansion in
local to local and remote to remote copy with scp. It also fixes a few
other minor non-security issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2006-January/001767.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d3d25dcd"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh-askpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh-askpass-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openssh-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC4", reference:"openssh-4.2p1-fc4.10")) flag++;
if (rpm_check(release:"FC4", reference:"openssh-askpass-4.2p1-fc4.10")) flag++;
if (rpm_check(release:"FC4", reference:"openssh-askpass-gnome-4.2p1-fc4.10")) flag++;
if (rpm_check(release:"FC4", reference:"openssh-clients-4.2p1-fc4.10")) flag++;
if (rpm_check(release:"FC4", reference:"openssh-debuginfo-4.2p1-fc4.10")) flag++;
if (rpm_check(release:"FC4", reference:"openssh-server-4.2p1-fc4.10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc");
}
VendorProductVersionCPE
fedoraprojectfedoraopensshp-cpe:/a:fedoraproject:fedora:openssh
fedoraprojectfedoraopenssh-askpassp-cpe:/a:fedoraproject:fedora:openssh-askpass
fedoraprojectfedoraopenssh-askpass-gnomep-cpe:/a:fedoraproject:fedora:openssh-askpass-gnome
fedoraprojectfedoraopenssh-clientsp-cpe:/a:fedoraproject:fedora:openssh-clients
fedoraprojectfedoraopenssh-debuginfop-cpe:/a:fedoraproject:fedora:openssh-debuginfo
fedoraprojectfedoraopenssh-serverp-cpe:/a:fedoraproject:fedora:openssh-server
fedoraprojectfedora_core4cpe:/o:fedoraproject:fedora_core:4

Related

nessus 22
debiancve 2
openvas 24
centos 3
ubuntucve 2
suse 1
redhat 3
slackware 1
gentoo 1
ubuntu 1
cve 3
seebug 1
prion 3
f5 2
nessus
nessus
RHEL 4 : openssh (RHSA-2006:0044)
2006-03-08 00:00:00
Solaris 9 (x86) : 114357-18
2007-07-02 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-045-06)
2006-02-15 00:00:00
debiancve
debiancve
CVE-2006-0225
2006-01-25 11:03:00
CVE-2023-38336
2023-07-14 22:15:09
openvas
openvas
SLES9: Security update for OpenSSH
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
2008-09-24 00:00:00
SLES9: Security update for OpenSSH
2009-10-10 00:00:00
centos
centos
openssh security update
2006-03-08 00:16:52
openssh security update
2006-07-20 15:13:49
openssh security update
2006-10-02 01:42:56
ubuntucve
ubuntucve
CVE-2006-0225
2006-01-25 00:00:00
CVE-2023-38336
2023-07-14 00:00:00
suse
suse
remote code execution in openssh
2006-02-14 10:41:38
redhat
redhat
(RHSA-2006:0044) openssh security update
2006-03-07 12:56:55
(RHSA-2006:0298) openssh security update
2006-07-20 09:25:51
(RHSA-2006:0698) openssh security update
2006-09-28 00:00:00
slackware
slackware
[slackware-security] openssh
2006-02-15 00:27:52
gentoo
gentoo
OpenSSH, Dropbear: Insecure use of system() call
2006-02-20 00:00:00
ubuntu
ubuntu
openssh vulnerability
2006-02-22 00:00:00
cve
cve
CVE-2006-0225
2006-01-25 11:03:00
CVE-2007-3717
2007-07-12 16:30:00
CVE-2023-38336
2023-07-14 22:15:09
seebug
seebug
Avaya CMS / IR Solaris scp命令行shell命令注入漏洞
2007-07-10 00:00:00
prion
prion
Command injection
2006-01-25 11:03:00
Code injection
2007-07-12 16:30:00
Command injection
2023-07-14 22:15:00
f5
f5
SOL17452 - OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
2015-10-16 00:00:00
K17452 : OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
2015-10-16 00:00:00
JSON
Related for FEDORA_2006-056.NASL
nessus22debiancve2openvas24centos3ubuntucve2suse1redhat3slackware1gentoo1ubuntu1cve3seebug1prion3f52