Vulners
Lucene search
openSUSE 10 Security Update : openssh (openssh-4579)
| Reporter | Title | Published | Views | Family All 143 |
|---|---|---|---|---|
 | OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass | 11 Sep 200700:00 | – | nessus |
| CentOS 4 / 5 : openssh (CESA-2008:0855) | 6 Jan 201000:00 | – | nessus |
| Debian DSA-1576-1 : openssh - predictable random number generator | 19 May 200800:00 | – | nessus |
| Fedora Core 6 : openssh-4.3p2-25.fc6 (2007-715) | 16 Oct 200700:00 | – | nessus |
| GLSA-200711-02 : OpenSSH: Security bypass | 2 Nov 200700:00 | – | nessus |
| Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | 19 Mar 200800:00 | – | nessus |
| Mandrake Linux Security Advisory : openssh (MDKSA-2007:236) | 7 Dec 200700:00 | – | nessus |
| MiracleLinux 3 : openssh-4.3p2-26.1.1AXS3 (AXSA:2008-272:01) | 14 Jan 202600:00 | – | nessus |
| OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass | 4 Oct 201100:00 | – | nessus |
| Oracle Linux 5 : openssh (ELSA-2008-0855) | 12 Jul 201300:00 | – | nessus |
10
| Source | Link |
|---|---|
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openssh-4579.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(27589);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-4752");
script_name(english:"openSUSE 10 Security Update : openssh (openssh-4579)");
script_summary(english:"Check for the openssh-4579 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes a bug in ssh's cookie handling code. It does not
properly handle the situation when an untrusted cookie cannot be
created and uses a trusted X11 cookie instead. This allows attackers
to violate the intended policy and gain privileges by causing an X
client to be treated as trusted. (CVE-2007-4752) Additionally this
update fixes a bug introduced with the last security update for
openssh. When the SSH daemon wrote to stderr (for instance, to warn
about the presence of a deprecated option like
PAMAuthenticationViaKbdInt in its configuration file), SIGALRM was
blocked for SSH sessions. This resulted in problems with processes
which rely on SIGALRM, such as ntpdate."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected openssh packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cwe_id(20);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-askpass");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
script_set_attribute(attribute:"patch_publication_date", value:"2007/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE10.1", reference:"openssh-4.2p1-18.30") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"openssh-askpass-4.2p1-18.30") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"openssh-4.4p1-26") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"openssh-askpass-4.4p1-26") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"openssh-4.6p1-58.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"openssh-askpass-4.6p1-58.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2021 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 27.5
EPSS0.02374