Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-566-1: OpenSSH vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-566-1: OpenSSH vulnerability
# 1  
Old 01-09-2008
USN-566-1: OpenSSH vulnerability
Referenced CVEs:
CVE-2007-4752


Description:
=========================================================== Ubuntu Security Notice USN-566-1 January 09, 2008 openssh vulnerability CVE-2007-4752 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-client 1:4.2p1-7ubuntu3.2 Ubuntu 6.10: openssh-client 1:4.3p2-5ubuntu1.1 Ubuntu 7.04: openssh-client 1:4.3p2-8ubuntu1.1 Ubuntu 7.10: openssh-client 1:4.6p1-5ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Red Hat

Vulnerability with ssh in OpenSSH in an RHEL installation

There was a security analysis run on one server which has RHEL 5.8 installed and it is showing security vulnerabilities with respect to ssh in OpenSSH with reference no CVE-2007-4752. The vulnerability solution in the security report is showing solution as below: 1) Download and apply the... (3 Replies)
Discussion started by: RHCE
3 Replies
Login or Register to Ask a Question

LEARN ABOUT LINUX

ssh-argv0

SSH-ARGV0(1)						    BSD General Commands Manual 					      SSH-ARGV0(1)

NAME

     ssh-argv0 -- replaces the old ssh command-name as hostname handling

SYNOPSIS

     hostname | user@hostname [-l login_name] [command]

     hostname | user@hostname [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec] [-e escape_char] [-i identity_file] [-l login_name]
     [-m mac_spec] [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R port:host:hostport] [-D port] [command]

DESCRIPTION

     ssh-argv0 replaces the old ssh command-name as hostname handling.	If you link to this script with a hostname then executing the link is
     equivalent to having executed ssh with that hostname as an argument.  All other arguments are passed to ssh and will be processed normally.

OPTIONS

     See ssh(1).

FILES

     See ssh(1).

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  Markus Friedl contributed the support for SSH
     protocol versions 1.5 and 2.0.  Jonathan Amery wrote this ssh-argv0 script and the associated documentation.

SEE ALSO

     ssh(1)

Debian Project							 September 7, 2001						    Debian Project