Lucene search
UbuntuUSN-597-1HistoryApr 01, 2008 - 12:00 a.m.
OpenSSH vulnerability
2008-04-0100:00:00
ubuntu.com
29
7.5 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
14.3%
Releases
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- openssh -
Details
Timo Juhani Lindfors discovered that the OpenSSH client, when port
forwarding was requested, would listen on any available address family.
A local attacker could exploit this flaw on systems with IPv6 enabled
to hijack connections, including X11 forwards.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.10 | noarch | openssh-client | <Β 1:4.6p1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | openssh-client-udeb | <Β 1:4.6p1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | openssh-server | <Β 1:4.6p1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | openssh-server-udeb | <Β 1:4.6p1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | ssh-askpass-gnome | <Β 1:4.6p1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | openssh-client | <Β 1:4.3p2-8ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | openssh-client-udeb | <Β 1:4.3p2-8ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | openssh-server | <Β 1:4.3p2-8ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | openssh-server-udeb | <Β 1:4.3p2-8ubuntu1.2 | UNKNOWN |
| Ubuntu | 7.04 | noarch | ssh-askpass-gnome | <Β 1:4.3p2-8ubuntu1.2 | UNKNOWN |
References
Related
openvas
openvas
Mandriva Update for openssh MDVSA-2008:078 (openssh)
2009-04-09 00:00:00
HP-UX Update for HP-UX Secure Shell HPSBUX02337
2009-05-05 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
2008-09-04 00:00:00
nessus
nessus
openSUSE 10 Security Update : openssh (openssh-5148)
2008-04-11 00:00:00
Mandriva Linux Security Advisory : openssh (MDVSA-2008:078)
2009-04-23 00:00:00
debiancve
debiancve
CVE-2008-1483
2008-03-24 23:44:00
prion
prion
Design/Logic Flaw
2008-03-24 23:44:00
f5
f5
K9107 : OpenSSH vulnerability CVE-2008-1483
2013-03-25 00:00:00
SOL9107 - OpenSSH vulnerability CVE-2008-1483
2008-09-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-08:05.openssh
2008-04-17 00:00:00
securityvulns
securityvulns
rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server
2008-03-25 00:00:00
OpenSSH privilege escalation
2008-03-25 00:00:00
slackware
slackware
[slackware-security] openssh
2008-04-04 20:06:28
seebug
seebug
OpenSSH XθΏζ₯δΌθ―ε«ζζΌζ΄
2008-04-18 00:00:00
ubuntucve
ubuntucve
CVE-2008-1483
2008-03-24 00:00:00
cve
cve
CVE-2008-1483
2008-03-24 23:44:00
redhat
redhat
(RHSA-2005:527) openssh security update
2005-10-05 00:00:00
centos
centos
openssh security update
2005-10-05 16:16:35
gentoo
gentoo
OpenSSH: Privilege escalation
2008-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1576-1] New openssh packages fix predictable randomness
2008-05-14 09:24:56
osv
osv
openssh openssh-blacklist - predictable randomness
2008-05-14 00:00:00
7.5 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
14.3%
Related for USN-597-1