Veracode Vulnerability DatabaseVERACODE:23064Authorization Bypass
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
openssh is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools.
References
osvdb.org/39214
secunia.com/advisories/27235
secunia.com/advisories/27588
secunia.com/advisories/27590
secunia.com/advisories/28319
secunia.com/advisories/28320
support.avaya.com/elmodocs2/security/ASA-2007-526.htm
support.avaya.com/elmodocs2/security/ASA-2007-527.htm
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-0540.html
www.redhat.com/support/errata/RHSA-2007-0555.html
www.redhat.com/support/errata/RHSA-2007-0703.html
www.redhat.com/support/errata/RHSA-2007-0737.html
www.securityfocus.com/bid/26097
access.redhat.com/errata/RHSA-2007:0540
bugzilla.redhat.com/show_bug.cgi?id=248059
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11124
www.redhat.com/archives/fedora-package-announce/2007-October/msg00214.html
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N