USN-649-1: OpenSSH vulnerabilities


Posted: 10-01-2008

Referenced CVEs:
CVE-2008-1657, CVE-2008-4109


Description:
===========================================================
Ubuntu Security Notice USN-649-1           October 01, 2008
openssh vulnerabilities
CVE-2008-1657, CVE-2008-4109
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  openssh-server 1:4.2p1-7ubuntu3.5

Ubuntu 7.04:
  openssh-server 1:4.3p2-8ubuntu1.5

Ubuntu 7.10:
  openssh-server 1:4.6p1-5ubuntu0.6

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the ForceCommand directive could be bypassed.
If a local user created a malicious ~/.ssh/rc file, they could execute
arbitrary commands as their user id. This only affected Ubuntu 7.10.
(CVE-2008-1657)

USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the
fixes for this issue were incomplete. A remote attacker could attempt
multiple logins, filling all available connection slots, leading to a
denial of service. This only affected Ubuntu 6.06 and 7.04.
(CVE-2008-4109)





SSH-LDAP-HELPER(8)        BSD System Manager's Manual        SSH-LDAP-HELPER(8)

NAME
     ssh-ldap-helper -- sshd helper program for ldap support

SYNOPSIS
     ssh-ldap-helper [-devw] [-f file] [-s user]

DESCRIPTION
     ssh-ldap-helper is used by sshd(1) to access keys provided by an LDAP.
     ssh-ldap-helper is disabled by default and can only be enabled in the
     sshd configuration file /etc/ssh/sshd_config by setting
     AuthorizedKeysCommand to ``/usr/libexec/openssh/ssh-ldap-wrapper''.

     ssh-ldap-helper is not intended to be invoked by the user, but from
     sshd(8) via ssh-ldap-wrapper.

     The options are as follows:

     -d      Set the debug mode; ssh-ldap-helper prints all logs to stderr
             instead of syslog.

     -e      Implies -w; ssh-ldap-helper halts if it encounters an unknown
             item in the ldap.conf file.

     -f      ssh-ldap-helper uses this file as the ldap configuration file
             instead of /etc/ssh/ldap.conf (default).

     -s      ssh-ldap-helper prints out the user's keys to stdout and exits.

     -v      Implies -d; increases verbosity.

     -w      ssh-ldap-helper writes warnings about unknown items in the
             ldap.conf configuration file.

SEE ALSO
     sshd(8), sshd_config(5), ssh-ldap.conf(5),

HISTORY
     ssh-ldap-helper first appeared in OpenSSH 5.5 + PKA-LDAP .

AUTHORS
     Jan F. Chadima <jchadima@redhat.com>

BSD                              April 29, 2010                              BSD