RedHat Update for openssh RHSA-2013:1591-02

RedHat Update for openssh RHSA-2013:1591-02 includes OpenSSH core files for client and server, fixes CVE-2010-5107, recommends to install updated package

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: IBM System x and Flex Systems OpenSSH Vulnerabilities (CVE-2012-0814, CVE-2008-5161)	30 Jan 201908:05	–	ibm
IBM Security Bulletins	Security Bulletin: Flex System Manager (FSM) vulnerability allows a denial of service attack (CVE-2010-5107)	30 Jan 201908:20	–	ibm
Tenable Nessus	OpenSSH < 6.2 DoS	21 Aug 201900:00	–	nessus
Tenable Nessus	AIX OpenSSH Advisory : openssh_advisory2.asc	16 Apr 201400:00	–	nessus
Tenable Nessus	CentOS 6 : openssh (CESA-2013:1591)	12 Nov 201400:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : OpenSSH vulnerability (K14741)	30 Jun 201500:00	–	nessus
Tenable Nessus	Fedora 17 : openssh-5.9p1-29.fc17 (2013-2206)	26 Feb 201300:00	–	nessus
Tenable Nessus	Fedora 18 : openssh-6.1p1-5.fc18 (2013-2212)	13 Feb 201300:00	–	nessus
Tenable Nessus	GLSA-201405-06 : OpenSSH: Multiple vulnerabilities	12 May 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : openssh (MDVSA-2013:051)	20 Apr 201300:00	–	nessus

Source	Link
redhat	www.redhat.com/archives/rhsa-announce/2013-November/msg00024.html

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for openssh RHSA-2013:1591-02
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");

if(description)
{
  script_id(871081);
  script_version("$Revision: 8456 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-11-21 10:44:16 +0530 (Thu, 21 Nov 2013)");
  script_cve_id("CVE-2010-5107");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("RedHat Update for openssh RHSA-2013:1591-02");

  tag_insight = "OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation.
These packages include the core files necessary for the OpenSSH client
and server.

The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling random
early connection drops by setting MaxStartups to 10:30:100 by default.
For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)

These updated openssh packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes,
linked to in the References, for information on the most significant of
these changes.

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add
these enhancements.
";

  tag_affected = "openssh on Red Hat Enterprise Linux Desktop (v. 6),
  Red Hat Enterprise Linux Server (v. 6),
  Red Hat Enterprise Linux Workstation (v. 6)";

  tag_solution = "Please Install the Updated Packages.";


  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name: "RHSA", value: "2013:1591-02");
  script_xref(name: "URL" , value: "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00024.html");
  script_tag(name: "summary" , value: "Check for the Version of openssh");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_6")
{

  if ((res = isrpmvuln(pkg:"openssh", rpm:"openssh~5.3p1~94.el6", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"openssh-askpass", rpm:"openssh-askpass~5.3p1~94.el6", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"openssh-clients", rpm:"openssh-clients~5.3p1~94.el6", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"openssh-debuginfo", rpm:"openssh-debuginfo~5.3p1~94.el6", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"openssh-server", rpm:"openssh-server~5.3p1~94.el6", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

18 Jan 2018 00:00Current

6.1Medium risk

Vulners AI Score6.1

EPSS0.02271