Download
| Alert*
|
oval:org.secpod.oval:def:89045430
OpenSSH was updated to fix several security issues and bugs. Please note that due to a bug in the previous shipped openssh version, sshd might not correctly restart. Please verify that the ssh daemon is running after installing this update. These security issues were fixed: * CVE-2015-5352: The x11_ ... oval:org.secpod.oval:def:109478 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:204183 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to full ... oval:org.secpod.oval:def:30264 The host is installed with OpenSSH before 7.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows local users to gain privileges. oval:org.secpod.oval:def:501690 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to full ... oval:org.secpod.oval:def:1200191 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a craft ... oval:org.secpod.oval:def:204168 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:30724 The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client oval:org.secpod.oval:def:1501232 The remote host is missing a patch containing a security fix, which affects the following package(s): openssh oval:org.secpod.oval:def:31521 The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle pre-authentication process. Successful exploitation could allow attackers to conduct impersonation attacks. oval:org.secpod.oval:def:31533 The host is missing a security update according to Apple advisory, APPLE-SA-2015-10-21-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:1501461 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:501816 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:1200025 A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.It was d ... |
