(RHSA-2007:0540) Moderate: openssh security and bug fix update
Published: 2007-11-07T05:00:00
ID: RHSA-2007:0540
Type: redhat
Reporter: RedHat
Modified: 2017-09-08T11:47:53
Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the way the ssh server wrote account names to the audit
subsystem. An attacker could inject strings containing parts of audit
messages, which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

A flaw was found in the way the OpenSSH server processes GSSAPI
authentication requests. When GSSAPI authentication was enabled in the
OpenSSH server, a remote attacker was potentially able to determine if a
username is valid. (CVE-2006-5052)

The following bugs in SELinux MLS (Multi-Level Security) support have also
been fixed in this update:

* It was sometimes not possible to select a SELinux role and level when
logging in using ssh.

* If the user obtained a non-default SELinux role or level, the role change
was not recorded in the audit subsystem.

* In some cases, on labeled networks, sshd allowed logins from level ranges
it should not allow.

The updated packages also contain experimental support for using private
keys stored in PKCS#11 tokens for client authentication. The support is
provided through the NSS (Network Security Services) library.

All users of openssh should upgrade to these updated packages, which
contain patches to correct these issues.
+0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200611-06 (openssh)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/openssh\", unaffected: make_list(\"ge 4.4_p1-r5\"), vulnerable: make_list(\"lt 4.4_p1-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "description": "Oracle Linux Local Security Checks ELSA-2007-0555", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122636", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0555", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0555.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# 
Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122636\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:49:56 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0555\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0555 - pam security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0555\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0555.html\");\n script_cve_id(\"CVE-2007-1716\", \"CVE-2007-3102\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"pam\", rpm:\"pam~0.99.6.2~3.26.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"pam-devel\", rpm:\"pam-devel~0.99.6.2~3.26.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:56:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4752", "CVE-2007-3102"], "description": "Check for the Version of openssh", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861012", "href": "http://plugins.openvas.org/nasl.php?oid=861012", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2007-715", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2007-715\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SSH (Secure SHell) is a program for logging into and executing\n commands on a remote machine. SSH is intended to replace rlogin and\n rsh, and to provide secure encrypted communications between two\n untrusted hosts over an insecure network. X11 connections and\n arbitrary TCP/IP ports can also be forwarded over the secure channel.\n\n OpenSSH is OpenBSD's version of the last free version of SSH, bringing\n it up to date in terms of security and features, as well as removing\n all patented algorithms to separate libraries.\n \n This package includes the core files necessary for both the OpenSSH\n client and server. 
To make this package useful, you should also\n install openssh-clients, openssh-server, or both\";\n\ntag_affected = \"openssh on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html\");\n script_id(861012);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-715\");\n script_cve_id(\"CVE-2007-4752\", \"CVE-2007-3102\");\n script_name( \"Fedora Update for openssh FEDORA-2007-715\");\n\n script_summary(\"Check for the Version of openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh\", rpm:\"x86_64/openssh~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-clients\", rpm:\"x86_64/openssh-clients~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-askpass\", rpm:\"x86_64/openssh-askpass~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-server\", rpm:\"x86_64/openssh-server~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/openssh-debuginfo\", rpm:\"x86_64/debug/openssh-debuginfo~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-askpass\", rpm:\"i386/openssh-askpass~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/openssh-debuginfo\", rpm:\"i386/debug/openssh-debuginfo~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh\", rpm:\"i386/openssh~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-server\", rpm:\"i386/openssh-server~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-clients\", rpm:\"i386/openssh-clients~4.3p2~25.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-4924"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", 
"modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:57492", "href": "http://plugins.openvas.org/nasl.php?oid=57492", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-02 openssh", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\";\n \nif(description)\n{\n script_id(57492);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-272-02 openssh \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-4924"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057492", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057492", "type": "openvas", "title": "Slackware Advisory SSA:2006-272-02 openssh", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 14202 2019-03-15 09:16:15Z 
cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57492\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-272-02 openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\");\n\n script_tag(name:\"insight\", value:\"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-26T08:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", 
"CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65248", "href": "http://plugins.openvas.org/nasl.php?oid=65248", "type": "openvas", "title": "SLES9: Security update for OpenSSH", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65248);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065248", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065248", "type": "openvas", "title": "SLES9: Security update for OpenSSH", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65248\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-5051", "CVE-2006-5794", "CVE-2006-4924"], "description": "Check for the Version of openssh", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861319", "href": "http://plugins.openvas.org/nasl.php?oid=861319", "type": "openvas", "title": "Fedora Update for openssh FEDORA-2007-395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2007-395\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SSH (Secure SHell) is a program for logging into and executing\n commands on a remote machine. SSH is intended to replace rlogin and\n rsh, and to provide secure encrypted communications between two\n untrusted hosts over an insecure network. X11 connections and\n arbitrary TCP/IP ports can also be forwarded over the secure channel.\n\n OpenSSH is OpenBSD's version of the last free version of SSH, bringing\n it up to date in terms of security and features, as well as removing\n all patented algorithms to separate libraries.\n \n This package includes the core files necessary for both the OpenSSH\n client and server. 
To make this package useful, you should also\n install openssh-clients, openssh-server, or both\";\n\ntag_affected = \"openssh on Fedora Core 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00011.html\");\n script_id(861319);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-395\");\n script_cve_id(\"CVE-2006-5052\", \"CVE-2006-5794\", \"CVE-2006-4924\", \"CVE-2006-5051\");\n script_name( \"Fedora Update for openssh FEDORA-2007-395\");\n\n script_summary(\"Check for the Version of openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh\", rpm:\"x86_64/openssh~4.3p2~4.12.fc5\", 
rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-server\", rpm:\"x86_64/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-clients\", rpm:\"x86_64/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-askpass\", rpm:\"x86_64/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/openssh-debuginfo\", rpm:\"x86_64/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-server\", rpm:\"i386/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-askpass\", rpm:\"i386/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-clients\", rpm:\"i386/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/openssh-debuginfo\", rpm:\"i386/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh\", rpm:\"i386/openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "description": "[3.9p1-8.RHEL4.24]\n- return correct exit 
status on failed write on sftp batch mode (#247802)\n[3.9p1-8.RHEL4.23]\n- some more mem leaks fix in sftp (#240909)\n[3.9p1-8.RHEL4.22]\n- CVE-2007-3102 escape account name to prevent audit log injection (#248058)\n[3.9p1-8.RHEL4.21]\n- move pam session calls so pam_close_session is always called (#216689)\n- get canonical hostname for gssapi (#216854)\n- CVE-2006-5052 dont leak info about user existence with krb5 auth (#234643)\n- fix some memory leaks in sftp (#240909)\n- correctly kill sshd in initscript (#244655)\n- close unused ends of sockets so [pam] child is always terminated (#247440)", "edition": 4, "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "id": "ELSA-2007-0703", "href": "http://linux.oracle.com/errata/ELSA-2007-0703.html", "title": "openssh security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:59", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "description": "[4.3p2-24]\n- fixed audit log injection problem (CVE-2007-3102) (#248059)\n[4.3p2-23]\n- document where the nss certificate and token dbs are looked for\n[4.3p2-22]\n- experimental support for PKCS#11 tokens through libnss3 (#183423)\n[4.3p2-21]\n- fix an information leak in Kerberos password authentication (CVE-2006-5052)\n (#234638)\n- correctly setup context when empty level requested (#234951)\n[4.3p2-20]\n- and always request default level as returned by getseuserbyname (#231695)\n[4.3p2-19]\n- check requested level context against a context with the same role (#231695)\n[4.3p2-18]\n- reject connection if requested mls range is not obtained (#229278)\n[4.3p2-17]\n- allow selecting non-default roles and audit role changes (#227733)", "edition": 4, "modified": "2007-11-19T00:00:00", "published": "2007-11-19T00:00:00", "id": "ELSA-2007-0540", "href": "http://linux.oracle.com/errata/ELSA-2007-0540.html", "title": "openssh security and bug fix 
update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "description": "[0.77-66.23]\n- pam_cracklib should count the last char when computing difference (#267201)\n[0.77-66.22]\n- add pam_tally2 module (#228044)\n- unset XAUTHORITY when appropriate (#228980)\n- CVE-2007-1716 always decrement use count (#230823)\n- reset priority only when specified in limits.conf (#232407)\n- CVE-2007-3102 prevent audit log injection through user name (#247797)", "edition": 4, "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "id": "ELSA-2007-0737", "href": "http://linux.oracle.com/errata/ELSA-2007-0737.html", "title": "pam security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "description": "[0.99.6.2-3.26]\n- removed realtime default limits (#240123) from the package as\n it caused regression on machines with nonexistent realtime group\n[0.99.6.2-3.25]\n- added and improved translations (#219124)\n- adjusted the default limits for realtime users (#240123)\n[0.99.6.2-3.23]\n- pam_unix: truncated MD5 passwords in shadow shouldn't match (#219258)\n- pam_limits: add limits.d support (#232700)\n- pam_limits, pam_time, pam_access: add auditing of failed logins (#232993)\n- pam_namespace: expand /home/ksharma even when appended with text (#237163)\n original patch by Ted X. 
Toth\n- add some default limits for users in realtime group (#240123)\n- CVE-2007-3102 - prevent audit log injection through user name (#243204)\n[0.99.6.2-3.22]\n- make unix_update helper executable only by root as it isn't\n useful for regular user anyway\n[0.99.6.2-3.21]\n- pam_namespace: better document behavior on failure (#237249)\n- pam_unix: split out passwd change to a new helper binary (#236316)\n[0.99.6.2-3.19]\n- pam_selinux: improve context change auditing (#234781)\n[0.99.6.2-3.18]\n- pam_console: always decrement use count (#233581)\n- pam_namespace: fix parsing config file with unknown users (#234513)\n[0.99.6.2-3.17]\n- pam_namespace: unmount poly dir for override users (#229689)\n- pam_namespace: use raw context for poly dir name (#227345)\n- pam_namespace: truncate long poly dir name (append hash) (#230120)\n[0.99.6.2-3.15]\n- correctly relabel tty in the default case (#229542)", "edition": 4, "modified": "2007-11-19T00:00:00", "published": "2007-11-19T00:00:00", "id": "ELSA-2007-0555", "href": "http://linux.oracle.com/errata/ELSA-2007-0555.html", "title": "pam security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of audit\nmessages which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in OpenSSH\nserver, a remote attacker may have been able to determine if a username is\nvalid. 
(CVE-2006-5052)\n\nThe following bugs were also fixed:\n\n* the ssh daemon did not generate audit messages when an ssh session was\nclosed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some cases.\n\n* the sftp client didn't properly exit and return non-zero status in batch\nmode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon was\nsometimes not restarted successfully because the old running ssh daemon was\nnot properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process was\nnot terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "modified": "2017-09-08T11:51:05", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:0703", "href": "https://access.redhat.com/errata/RHSA-2007:0703", "type": "redhat", "title": "(RHSA-2007:0703) Moderate: openssh security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "description": "Pluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nA flaw was found in the way pam_console set console device permissions. It\nwas possible for various console devices to retain ownership of the console\nuser after logging out, possibly leaking information to another local user.\n(CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. 
An attacker could inject strings containing parts of audit\nmessages, which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs:\n\n* the pam_xauth module, which is used for copying the X11 authentication\ncookie, did not reset the \"XAUTHORITY\" variable in certain circumstances,\ncausing unnecessary delays when using su command.\n\n* when calculating password similarity, pam_cracklib disregarded changes\nto the last character in passwords when \"difok=x\" (where \"x\" is the\nnumber of characters required to change) was configured in\n\"/etc/pam.d/system-auth\". This resulted in password changes that should\nhave been successful to fail with the following error:\n\nBAD PASSWORD: is too similar to the old one\n\nThis issue has been resolved in these updated packages.\n\n* the pam_limits module, which provides setting up system resources limits\nfor user sessions, reset the nice priority of the user session to \"0\" if it\nwas not configured otherwise in the \"/etc/security/limits.conf\"\nconfiguration file.\n\nThese updated packages add the following enhancement:\n\n* a new PAM module, pam_tally2, which allows accounts to be locked after a\nmaximum number of failed log in attempts.\n\nAll users of PAM should upgrade to these updated packages, which resolve\nthese issues and add this enhancement.", "modified": "2017-09-08T11:51:35", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:0737", "href": "https://access.redhat.com/errata/RHSA-2007:0737", "type": "redhat", "title": "(RHSA-2007:0737) Moderate: pam security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "description": "Pluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile 
programs that handle authentication.\n\nA flaw was found in the way pam_console set console device permissions. It\nwas possible for various console devices to retain ownership of the console\nuser after logging out, possibly leaking information to another local user.\n(CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of audit\nmessages which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs:\n\n* truncated MD5-hashed passwords in \"/etc/shadow\" were treated as valid, \nresulting in insecure and invalid passwords.\n\n* the pam_namespace module did not convert context names to raw format and\ndid not unmount polyinstantiated directories in some cases. It also crashed\nwhen an unknown user name was used in \"/etc/security/namespace.conf\", the\npam_namespace configuration file.\n\n* the pam_selinux module was not relabeling the controlling tty correctly,\nand in some cases it did not send complete information about user role and\nlevel change to the audit subsystem.\n\nThese updated packages add the following enhancements:\n\n* pam_limits module now supports parsing additional config files placed\ninto the /etc/security/limits.d/ directory. These files are read after the\nmain configuration file.\n\n* the modules pam_limits, pam_access, and pam_time now send a message to\nthe audit subsystem when a user is denied access based on the number of\nlogin sessions, origin of user, and time of login.\n\n* pam_unix module security properties were improved. 
Functionality in the\nsetuid helper binary, unix_chkpwd, which was not required for user\nauthentication, was moved to a new non-setuid helper binary, unix_update.\n\nAll users of PAM should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.", "modified": "2017-09-08T11:55:43", "published": "2007-11-07T05:00:00", "id": "RHSA-2007:0555", "href": "https://access.redhat.com/errata/RHSA-2007:0555", "type": "redhat", "title": "(RHSA-2007:0555) Moderate: pam security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-17T13:05:51", "description": "Updated openssh packages that fix two security issues and various bugs\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. 
(CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n* the ssh daemon did not generate audit messages when an ssh session\nwas closed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some\ncases.\n\n* the sftp client didn't properly exit and return non-zero status in\nbatch mode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon\nwas sometimes not restarted successfully because the old running ssh\ndaemon was not properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process\nwas not terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "edition": 28, "published": "2007-11-16T00:00:00", "title": "RHEL 4 : openssh (RHSA-2007:0703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "modified": "2007-11-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome", "p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-server"], "id": "REDHAT-RHSA-2007-0703.NASL", "href": "https://www.tenable.com/plugins/nessus/28237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0703. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28237);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5052\", \"CVE-2007-3102\");\n script_bugtraq_id(20245);\n script_xref(name:\"RHSA\", value:\"2007:0703\");\n\n script_name(english:\"RHEL 4 : openssh (RHSA-2007:0703)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security issues and various bugs\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. 
(CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n* the ssh daemon did not generate audit messages when an ssh session\nwas closed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some\ncases.\n\n* the sftp client didn't properly exit and return non-zero status in\nbatch mode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon\nwas sometimes not restarted successfully because the old running ssh\ndaemon was not properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process\nwas not terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0703\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0703\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-3.9p1-8.RHEL4.24\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.24\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.24\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-clients-3.9p1-8.RHEL4.24\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-server-3.9p1-8.RHEL4.24\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:25:10", "description": "Updated openssh packages that fix two security issues and various bugs\nare now available.\n\nThis update has been rated as having moderate 
security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. (CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n* the ssh daemon did not generate audit messages when an ssh session\nwas closed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some\ncases.\n\n* the sftp client didn't properly exit and return non-zero status in\nbatch mode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon\nwas sometimes not restarted successfully because the old running ssh\ndaemon was not properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process\nwas not terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "edition": 27, "published": "2013-06-29T00:00:00", "title": "CentOS 4 : openssh (CESA-2007:0703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "modified": "2013-06-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssh", "p-cpe:/a:centos:centos:openssh-server", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:openssh-clients", "p-cpe:/a:centos:centos:openssh-askpass", 
"p-cpe:/a:centos:centos:openssh-askpass-gnome"], "id": "CENTOS_RHSA-2007-0703.NASL", "href": "https://www.tenable.com/plugins/nessus/67053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0703 and \n# CentOS Errata and Security Advisory 2007:0703 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67053);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-5052\", \"CVE-2007-3102\");\n script_bugtraq_id(20245);\n script_xref(name:\"RHSA\", value:\"2007:0703\");\n\n script_name(english:\"CentOS 4 : openssh (CESA-2007:0703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security issues and various bugs\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. 
(CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n* the ssh daemon did not generate audit messages when an ssh session\nwas closed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some\ncases.\n\n* the sftp client didn't properly exit and return non-zero status in\nbatch mode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon\nwas sometimes not restarted successfully because the old running ssh\ndaemon was not properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process\nwas not terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014421.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf455c0d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssh-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssh-askpass-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssh-clients-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssh-server-3.9p1-8.RHEL4.24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:05:50", "description": "Updated openssh packages that fix a security issue and various bugs\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. 
(CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in the\nOpenSSH server, a remote attacker was potentially able to determine if\na username is valid. (CVE-2006-5052)\n\nThe following bugs in SELinux MLS (Multi-Level Security) support has\nalso been fixed in this update :\n\n* It was sometimes not possible to select a SELinux role and level\nwhen logging in using ssh.\n\n* If the user obtained a non-default SELinux role or level, the role\nchange was not recorded in the audit subsystem.\n\n* In some cases, on labeled networks, sshd allowed logins from level\nranges it should not allow.\n\nThe updated packages also contain experimental support for using\nprivate keys stored in PKCS#11 tokens for client authentication. The\nsupport is provided through the NSS (Network Security Services)\nlibrary.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "edition": 28, "published": "2007-11-08T00:00:00", "title": "RHEL 5 : openssh (RHSA-2007:0540)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "modified": "2007-11-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-server"], "id": "REDHAT-RHSA-2007-0540.NASL", "href": "https://www.tenable.com/plugins/nessus/27829", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0540. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27829);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5052\", \"CVE-2007-3102\");\n script_bugtraq_id(20245);\n script_xref(name:\"RHSA\", value:\"2007:0540\");\n\n script_name(english:\"RHEL 5 : openssh (RHSA-2007:0540)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix a security issue and various bugs\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client\nand server.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in the\nOpenSSH server, a remote attacker was potentially able to determine if\na username is valid. 
(CVE-2006-5052)\n\nThe following bugs in SELinux MLS (Multi-Level Security) support has\nalso been fixed in this update :\n\n* It was sometimes not possible to select a SELinux role and level\nwhen logging in using ssh.\n\n* If the user obtained a non-default SELinux role or level, the role\nchange was not recorded in the audit subsystem.\n\n* In some cases, on labeled networks, sshd allowed logins from level\nranges it should not allow.\n\nThe updated packages also contain experimental support for using\nprivate keys stored in PKCS#11 tokens for client authentication. The\nsupport is provided through the NSS (Network Security Services)\nlibrary.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0540\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0540\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssh-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssh-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssh-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssh-askpass-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssh-askpass-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssh-askpass-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssh-clients-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssh-clients-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssh-clients-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"openssh-server-4.3p2-24.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"openssh-server-4.3p2-24.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"openssh-server-4.3p2-24.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-server\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:43:48", "description": "A flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. 
(CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n - the ssh daemon did not generate audit messages when an\n ssh session was closed.\n\n - GSSAPI authentication sometimes failed on clusters using\n DNS or load-balancing.\n\n - the sftp client and server leaked small amounts of\n memory in some cases.\n\n - the sftp client didn't properly exit and return non-zero\n status in batch mode when the destination disk drive was\n full.\n\n - when restarting the ssh daemon with the initscript, the\n ssh daemon was sometimes not restarted successfully\n because the old running ssh daemon was not properly\n killed.\n\n - with challenge/response authentication enabled, the pam\n sub-process was not terminated if the user\n authentication timed out.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openssh on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071115_OPENSSH_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60306);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5052\", \"CVE-2007-3102\");\n\n script_name(english:\"Scientific Linux Security Update : openssh on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the ssh server 
wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in\nOpenSSH server, a remote attacker may have been able to determine if a\nusername is valid. (CVE-2006-5052)\n\nThe following bugs were also fixed :\n\n - the ssh daemon did not generate audit messages when an\n ssh session was closed.\n\n - GSSAPI authentication sometimes failed on clusters using\n DNS or load-balancing.\n\n - the sftp client and server leaked small amounts of\n memory in some cases.\n\n - the sftp client didn't properly exit and return non-zero\n status in batch mode when the destination disk drive was\n full.\n\n - when restarting the ssh daemon with the initscript, the\n ssh daemon was sometimes not restarted successfully\n because the old running ssh daemon was not properly\n killed.\n\n - with challenge/response authentication enabled, the pam\n sub-process was not terminated if the user\n authentication timed out.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=3964\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?613435bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"openssh-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openssh-clients-3.9p1-8.RHEL4.24\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"openssh-server-3.9p1-8.RHEL4.24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:43:47", "description": "Problem description :\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. 
An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in the\nOpenSSH server, a remote attacker was potentially able to determine if\na username is valid. (CVE-2006-5052)\n\nThe following bugs in SELinux MLS (Multi-Level Security) support has\nalso been fixed in this update :\n\n - It was sometimes not possible to select a SELinux role\n and level when logging in using ssh.\n\n - If the user obtained a non-default SELinux role or\n level, the role change was not recorded in the audit\n subsystem.\n\n - In some cases, on labeled networks, sshd allowed logins\n from level ranges it should not allow.\n\nThe updated packages also contain experimental support for using\nprivate keys stored in PKCS#11 tokens for client authentication. The\nsupport is provided through the NSS (Network Security Services)\nlibrary.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openssh on SL5.x", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2007-3102"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071109_OPENSSH_ON_SL5.NASL", "href": "https://www.tenable.com/plugins/nessus/60296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60296);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5052\", \"CVE-2007-3102\");\n\n script_name(english:\"Scientific Linux Security Update : openssh on SL5.x\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem description :\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in the\nOpenSSH server, a remote attacker was potentially able to determine if\na username is valid. (CVE-2006-5052)\n\nThe following bugs in SELinux MLS (Multi-Level Security) support has\nalso been fixed in this update :\n\n - It was sometimes not possible to select a SELinux role\n and level when logging in using ssh.\n\n - If the user obtained a non-default SELinux role or\n level, the role change was not recorded in the audit\n subsystem.\n\n - In some cases, on labeled networks, sshd allowed logins\n from level ranges it should not allow.\n\nThe updated packages also contain experimental support for using\nprivate keys stored in PKCS#11 tokens for client authentication. 
The\nsupport is provided through the NSS (Network Security Services)\nlibrary.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=884\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f5551c6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openssh-4.3p2-24.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssh-askpass-4.3p2-24.el5\")) 
flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssh-clients-4.3p2-24.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openssh-server-4.3p2-24.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:06:11", "description": " - Fri Mar 30 2007 Miloslav Trmac <mitr at redhat.com> -\n 4.3p2-19\n\n - Fix an information leak in Kerberos password\n authentication (CVE-2006-5052) Resolves: #234640\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-04-05T00:00:00", "title": "Fedora Core 6 : openssh-4.3p2-19.fc6 (2007-394)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052"], "modified": "2007-04-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:openssh-debuginfo", "p-cpe:/a:fedoraproject:fedora:openssh-askpass", "p-cpe:/a:fedoraproject:fedora:openssh", "p-cpe:/a:fedoraproject:fedora:openssh-clients", "p-cpe:/a:fedoraproject:fedora:openssh-server"], "id": "FEDORA_2007-394.NASL", "href": "https://www.tenable.com/plugins/nessus/24925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-394.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24925);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-394\");\n\n 
script_name(english:\"Fedora Core 6 : openssh-4.3p2-19.fc6 (2007-394)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Mar 30 2007 Miloslav Trmac <mitr at redhat.com> -\n 4.3p2-19\n\n - Fix an information leak in Kerberos password\n authentication (CVE-2006-5052) Resolves: #234640\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-April/001634.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a3414bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/05\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"openssh-4.3p2-19.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"openssh-askpass-4.3p2-19.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"openssh-clients-4.3p2-19.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"openssh-debuginfo-4.3p2-19.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"openssh-server-4.3p2-19.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-clients / openssh-debuginfo / 
etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-01T04:56:13", "description": "According to its banner, the version of OpenSSH installed on the\nremote host is affected by multiple vulnerabilities :\n\n - A race condition exists that may allow an\n unauthenticated, remote attacker to crash the service \n or, on portable OpenSSH, possibly execute code on the \n affected host. Note that successful exploitation \n requires that GSSAPI authentication be enabled.\n \n - A flaw exists that may allow an attacker to determine \n the validity of usernames on some platforms. Note that \n this issue requires that GSSAPI authentication be \n enabled.\n\n - When SSH version 1 is used, an issue can be triggered \n via an SSH packet that contains duplicate blocks that \n could result in a loss of availability for the service.\n\n - On Fedora Core 6 (and possibly other systems), an\n unspecified vulnerability in the\n linux_audit_record_event() function allows remote\n attackers to inject incorrect information into\n audit logs.", "edition": 26, "published": "2006-09-28T00:00:00", "title": "OpenSSH < 4.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5229", "CVE-2006-5051", "CVE-2007-3102", "CVE-2008-4109", "CVE-2006-4924"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_44.NASL", "href": "https://www.tenable.com/plugins/nessus/22466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) \n{\n script_id(22466);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\", \"CVE-2006-5229\", \"CVE-2007-3102\", \"CVE-2008-4109\");\n script_bugtraq_id(20216, 20241, 20245);\n\n script_name(english:\"OpenSSH < 4.4 Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks version number of OpenSSH\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SSH server is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSH installed on the\nremote host is affected by multiple vulnerabilities :\n\n - A race condition exists that may allow an\n unauthenticated, remote attacker to crash the service \n or, on portable OpenSSH, possibly execute code on the \n affected host. Note that successful exploitation \n requires that GSSAPI authentication be enabled.\n \n - A flaw exists that may allow an attacker to determine \n the validity of usernames on some platforms. Note that \n this issue requires that GSSAPI authentication be \n enabled.\n\n - When SSH version 1 is used, an issue can be triggered \n via an SSH packet that contains duplicate blocks that \n could result in a loss of availability for the service.\n\n - On Fedora Core 6 (and possibly other systems), an\n unspecified vulnerability in the\n linux_audit_record_event() function allows remote\n attackers to inject incorrect information into\n audit logs.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-4.4\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSH 4.4 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264, 362, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/09/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/09/28\");\n script_set_attribute(attribute:\"plugin_type\", value: \"remote\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_detect.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n exit(0);\n}\n\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\"+port);\n\nbp_banner = tolower(get_backport_banner(banner:banner));\nif (\"openssh\" >!< bp_banner) exit(0, \"The SSH service on port \"+port+\" is not OpenSSH.\");\nif (backported) exit(1, \"The banner from the OpenSSH server on port \"+port+\" indicates patches may have been backported.\");\n\nif (!get_kb_item(\"Settings/PCI_DSS\"))\n{\n auth = get_kb_item_or_exit(\"SSH/supportedauth/\" + port);\n if (\"gssapi\" >!< auth) exit(0, \"The SSH service on port \"+port+\" doesn't support GSSAPI.\");\n}\n\nif (bp_banner =~ \"openssh[-_]([0-3]\\.|4\\.[0-3]([^0-9]|$))\")\n security_hole(port);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:08", "description": "The remote host is affected by the vulnerability described in GLSA-200611-06\n(OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a\n pre-authentication vulnerability, causing sshd to spin until the login\n grace time has been expired. Mark Dowd found an unsafe signal handler\n that was vulnerable to a race condition. It has also been discovered\n that when GSSAPI authentication is enabled, GSSAPI will in certain\n cases incorrectly abort.\n \nImpact :\n\n The pre-authentication and signal handler vulnerabilities can cause a\n Denial of Service in OpenSSH. 
The vulnerability in the GSSAPI\n authentication abort could be used to determine the validity of\n usernames on some platforms.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-11-20T00:00:00", "title": "GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5052", "CVE-2006-5051"], "modified": "2006-11-20T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:openssh"], "id": "GENTOO_GLSA-200611-06.NASL", "href": "https://www.tenable.com/plugins/nessus/23671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23671);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20241, 20245);\n script_xref(name:\"GLSA\", value:\"200611-06\");\n\n script_name(english:\"GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-06\n(OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a\n 
pre-authentication vulnerability, causing sshd to spin until the login\n grace time has been expired. Mark Dowd found an unsafe signal handler\n that was vulnerable to a race condition. It has also been discovered\n that when GSSAPI authentication is enabled, GSSAPI will in certain\n cases incorrectly abort.\n \nImpact :\n\n The pre-authentication and signal handler vulnerabilities can cause a\n Denial of Service in OpenSSH. The vulnerability in the GSSAPI\n authentication abort could be used to determine the validity of\n usernames on some platforms.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssh.com/txt/release-4.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSH users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.4_p1-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 
Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 4.4_p1-r5\"), vulnerable:make_list(\"lt 4.4_p1-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:11", "description": "Updated pam packages that fix two security flaws, resolve two bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nA flaw was found in the way pam_console set console device\npermissions. It was possible for various console devices to retain\nownership of the console user after logging out, possibly leaking\ninformation to another local user. (CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. 
An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs :\n\n* the pam_xauth module, which is used for copying the X11\nauthentication cookie, did not reset the 'XAUTHORITY' variable in\ncertain circumstances, causing unnecessary delays when using su\ncommand.\n\n* when calculating password similarity, pam_cracklib disregarded\nchanges to the last character in passwords when 'difok=x' (where 'x'\nis the number of characters required to change) was configured in\n'/etc/pam.d/system-auth'. This resulted in password changes that\nshould have been successful to fail with the following error :\n\nBAD PASSWORD: is too similar to the old one\n\nThis issue has been resolved in these updated packages.\n\n* the pam_limits module, which provides setting up system resources\nlimits for user sessions, reset the nice priority of the user session\nto '0' if it was not configured otherwise in the\n'/etc/security/limits.conf' configuration file.\n\nThese updated packages add the following enhancement :\n\n* a new PAM module, pam_tally2, which allows accounts to be locked\nafter a maximum number of failed log in attempts.\n\nAll users of PAM should upgrade to these updated packages, which\nresolve these issues and add this enhancement.", "edition": 27, "published": "2013-06-29T00:00:00", "title": "CentOS 4 : pam (CESA-2007:0737)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "modified": "2013-06-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:pam-devel", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:pam"], "id": "CENTOS_RHSA-2007-0737.NASL", "href": "https://www.tenable.com/plugins/nessus/67055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security 
Advisory RHSA-2007:0737 and \n# CentOS Errata and Security Advisory 2007:0737 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67055);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-1716\", \"CVE-2007-3102\");\n script_xref(name:\"RHSA\", value:\"2007:0737\");\n\n script_name(english:\"CentOS 4 : pam (CESA-2007:0737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix two security flaws, resolve two bugs,\nand add an enhancement are now available for Red Hat Enterprise Linux\n4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nA flaw was found in the way pam_console set console device\npermissions. It was possible for various console devices to retain\nownership of the console user after logging out, possibly leaking\ninformation to another local user. (CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages, which could possibly mislead or confuse audit log\nparsing tools. 
(CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs :\n\n* the pam_xauth module, which is used for copying the X11\nauthentication cookie, did not reset the 'XAUTHORITY' variable in\ncertain circumstances, causing unnecessary delays when using su\ncommand.\n\n* when calculating password similarity, pam_cracklib disregarded\nchanges to the last character in passwords when 'difok=x' (where 'x'\nis the number of characters required to change) was configured in\n'/etc/pam.d/system-auth'. This resulted in password changes that\nshould have been successful to fail with the following error :\n\nBAD PASSWORD: is too similar to the old one\n\nThis issue has been resolved in these updated packages.\n\n* the pam_limits module, which provides setting up system resources\nlimits for user sessions, reset the nice priority of the user session\nto '0' if it was not configured otherwise in the\n'/etc/security/limits.conf' configuration file.\n\nThese updated packages add the following enhancement :\n\n* a new PAM module, pam_tally2, which allows accounts to be locked\nafter a maximum number of failed log in attempts.\n\nAll users of PAM should upgrade to these updated packages, which\nresolve these issues and add this enhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014425.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0270f38f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pam packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2007/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pam-0.77-66.23\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pam-devel-0.77-66.23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:05:51", "description": "Updated pam packages that fix two security flaws, resolve several\nbugs, and add enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set up authentication policies without having to\nrecompile programs that handle authentication.\n\nA flaw was found in the way pam_console set console device\npermissions. It was possible for various console devices to retain\nownership of the console user after logging out, possibly leaking\ninformation to another local user. (CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. 
(CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs :\n\n* truncated MD5-hashed passwords in '/etc/shadow' were treated as\nvalid, resulting in insecure and invalid passwords.\n\n* the pam_namespace module did not convert context names to raw format\nand did not unmount polyinstantiated directories in some cases. It\nalso crashed when an unknown user name was used in\n'/etc/security/namespace.conf', the pam_namespace configuration file.\n\n* the pam_selinux module was not relabeling the controlling tty\ncorrectly, and in some cases it did not send complete information\nabout user role and level change to the audit subsystem.\n\nThese updated packages add the following enhancements :\n\n* pam_limits module now supports parsing additional config files\nplaced into the /etc/security/limits.d/ directory. These files are\nread after the main configuration file.\n\n* the modules pam_limits, pam_access, and pam_time now send a message\nto the audit subsystem when a user is denied access based on the\nnumber of login sessions, origin of user, and time of login.\n\n* pam_unix module security properties were improved. 
Functionality in\nthe setuid helper binary, unix_chkpwd, which was not required for user\nauthentication, was moved to a new non-setuid helper binary,\nunix_update.\n\nAll users of PAM should upgrade to these updated packages, which\nresolve these issues and add these enhancements.", "edition": 28, "published": "2007-11-08T00:00:00", "title": "RHEL 5 : pam (RHSA-2007:0555)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1716", "CVE-2007-3102"], "modified": "2007-11-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:pam-devel", "p-cpe:/a:redhat:enterprise_linux:pam"], "id": "REDHAT-RHSA-2007-0555.NASL", "href": "https://www.tenable.com/plugins/nessus/27831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0555. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27831);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1716\", \"CVE-2007-3102\");\n script_xref(name:\"RHSA\", value:\"2007:0555\");\n\n script_name(english:\"RHEL 5 : pam (RHSA-2007:0555)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pam packages that fix two security flaws, resolve several\nbugs, and add enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPluggable Authentication Modules (PAM) provide a system whereby\nadministrators can set 
up authentication policies without having to\nrecompile programs that handle authentication.\n\nA flaw was found in the way pam_console set console device\npermissions. It was possible for various console devices to retain\nownership of the console user after logging out, possibly leaking\ninformation to another local user. (CVE-2007-1716)\n\nA flaw was found in the way the PAM library wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of\naudit messages which could possibly mislead or confuse audit log\nparsing tools. (CVE-2007-3102)\n\nAs well, these updated packages fix the following bugs :\n\n* truncated MD5-hashed passwords in '/etc/shadow' were treated as\nvalid, resulting in insecure and invalid passwords.\n\n* the pam_namespace module did not convert context names to raw format\nand did not unmount polyinstantiated directories in some cases. It\nalso crashed when an unknown user name was used in\n'/etc/security/namespace.conf', the pam_namespace configuration file.\n\n* the pam_selinux module was not relabeling the controlling tty\ncorrectly, and in some cases it did not send complete information\nabout user role and level change to the audit subsystem.\n\nThese updated packages add the following enhancements :\n\n* pam_limits module now supports parsing additional config files\nplaced into the /etc/security/limits.d/ directory. These files are\nread after the main configuration file.\n\n* the modules pam_limits, pam_access, and pam_time now send a message\nto the audit subsystem when a user is denied access based on the\nnumber of login sessions, origin of user, and time of login.\n\n* pam_unix module security properties were improved. 
Functionality in\nthe setuid helper binary, unix_chkpwd, which was not required for user\nauthentication, was moved to a new non-setuid helper binary,\nunix_update.\n\nAll users of PAM should upgrade to these updated packages, which\nresolve these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0555\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pam and / or pam-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0555\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"pam-0.99.6.2-3.26.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"pam-devel-0.99.6.2-3.26.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pam / pam-devel\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "cvelist": ["CVE-2006-5052"], "edition": 1, "description": "## Vulnerability Description\nOpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. This difference in the system's response allows an attacker to determine which accounts are valid.\n## Solution Description\nUpgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. 
This difference in the system's response allows an attacker to determine which accounts are valid.\n## References:\nVendor Specific News/Changelog Entry: http://openssh.org/txt/release-4.4\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200611-06.xml)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Oct/0005.html)\n[Secunia Advisory ID:22183](https://secuniaresearch.flexerasoftware.com/advisories/22183/)\n[Secunia Advisory ID:22173](https://secuniaresearch.flexerasoftware.com/advisories/22173/)\n[Secunia Advisory ID:22236](https://secuniaresearch.flexerasoftware.com/advisories/22236/)\n[Secunia Advisory ID:22158](https://secuniaresearch.flexerasoftware.com/advisories/22158/)\n[Secunia Advisory ID:22495](https://secuniaresearch.flexerasoftware.com/advisories/22495/)\n[Secunia Advisory ID:22196](https://secuniaresearch.flexerasoftware.com/advisories/22196/)\n[Secunia Advisory ID:22823](https://secuniaresearch.flexerasoftware.com/advisories/22823/)\nRedHat RHSA: RHSA-2006:0698\nRedHat RHSA: RHSA-2006:0697\nOther Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc\n[CVE-2006-5052](https://vulners.com/cve/CVE-2006-5052)\n", "modified": "2006-09-29T00:00:00", "published": "2006-09-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:29266", "id": "OSVDB:29266", "title": "OpenSSH GSSAPI Authentication Abort Username Enumeration", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-3102"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:27235](https://secuniaresearch.flexerasoftware.com/advisories/27235/)\n[Secunia Advisory 
ID:27588](https://secuniaresearch.flexerasoftware.com/advisories/27588/)\n[Secunia Advisory ID:27590](https://secuniaresearch.flexerasoftware.com/advisories/27590/)\nRedHat RHSA: RHSA-2007:0703\nRedHat RHSA: RHSA-2007:0737\nRedHat RHSA: RHSA-2007:0540\nRedHat RHSA: RHSA-2007:0555\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html\nOther Advisory URL: https://bugzilla.redhat.com/show_bug.cgi?id=248059\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0703.html\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0737.html\nOther Advisory URL: http://www.redhat.com/support/errata/RHSA-2007-0555.html\n[CVE-2007-3102](https://vulners.com/cve/CVE-2007-3102)\nBugtraq ID: 26097\n", "edition": 1, "modified": "2007-07-12T18:08:58", "published": "2007-07-12T18:08:58", "href": "https://vulners.com/osvdb/OSVDB:39214", "id": "OSVDB:39214", "title": "OpenSSH linux_audit_record_event Crafted Username Audit Log Injection", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5052", "CVE-2006-5051"], "description": "### Background\n\nOpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. \n\n### Description\n\nTavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. \n\n### Impact\n\nThe pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. 
The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenSSH users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-4.4_p1-r5\"", "edition": 1, "modified": "2006-11-13T00:00:00", "published": "2006-11-13T00:00:00", "id": "GLSA-200611-06", "href": "https://security.gentoo.org/glsa/200611-06", "type": "gentoo", "title": "OpenSSH: Multiple Denial of Service vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3102", "CVE-2007-4752"], "description": "SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. 
", "modified": "2007-10-15T19:54:28", "published": "2007-10-15T19:54:28", "id": "FEDORA:L9FJSSNP014372", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: openssh-4.3p2-25.fc6", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052"], "description": "New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:\n Upgraded to openssh-4.4p1.\n This fixes a few security related issues. From the release notes found at\n http://www.openssh.com/txt/release-4.4:\n * Fix a pre-authentication denial of service found by Tavis Ormandy,\n that would cause sshd(8) to spin until the login grace time\n expired.\n * Fix an unsafe signal handler reported by Mark Dowd. The signal\n handler was vulnerable to a race condition that could be exploited\n to perform a pre-authentication denial of service. 
On portable\n OpenSSH, this vulnerability could theoretically lead to\n pre-authentication remote code execution if GSSAPI authentication\n is enabled, but the likelihood of successful exploitation appears\n remote.\n * On portable OpenSSH, fix a GSSAPI authentication abort that could\n be used to determine the validity of usernames on some platforms.\n Links to the CVE entries will be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052\n After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set\n the way you want them. Future upgrades will respect the existing permissions\n settings. Thanks to Manuel Reimer for pointing out that upgrading openssh\n would enable a previously disabled sshd daemon.\n Do better checking of passwd, shadow, and group to avoid adding\n redundant entries to these files. Thanks to Menno Duursma.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.4p1-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.4p1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz\n\nIf you are running an sshd daemon, restart it:\n\nsh /etc/rc.d/rc.sshd restart", "modified": 
"2006-09-29T07:57:38", "published": "2006-09-29T07:57:38", "id": "SSA-2006-272-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566", "type": "slackware", "title": "[slackware-security] openssh", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:40:17", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5052", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-4924"], "description": "Several security problems were fixed in OpenSSH 4.4 and the bug fixes were back ported to the openssh versions in our products.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-10-20T14:30:36", "published": "2006-10-20T14:30:36", "id": "SUSE-SA:2006:062", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-10/msg00011.html", "type": "suse", "title": "remote denial of service in openssh", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}