Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-649-1: OpenSSH vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-649-1: OpenSSH vulnerabilities
# 1  
Old 10-01-2008
USN-649-1: OpenSSH vulnerabilities
Referenced CVEs:
CVE-2008-1657, CVE-2008-4109


Description:
===========================================================Ubuntu Security Notice USN-649-1 October 01, 2008openssh vulnerabilitiesCVE-2008-1657, CVE-2008-4109===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.5Ubuntu 7.04: openssh-server 1:4.3p2-8ubuntu1.5Ubuntu 7.10: openssh-server 1:4.6p1-5ubuntu0.6In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that the ForceCommand directive could be bypassed.If a local user created a malicious ~/.ssh/rc file, they could executearbitrary commands as their user id. This only affected Ubuntu 7.10.(CVE-2008-1657)USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that thefixes for this issue were incomplete. A remote attacker could attemptmultiple logins, filling all available connection slots, leading to adenial of service. This only affected Ubuntu 6.06 and 7.04.(CVE-2008-4109)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

net::openssh::compat

Net::OpenSSH::Compat(3pm)				User Contributed Perl Documentation				 Net::OpenSSH::Compat(3pm)

NAME

       Net::OpenSSH::Compat - Compatibility modules for Net::OpenSSH

SYNOPSIS

	 use Net::OpenSSH::Compat 'Net::SSH2';
	 use Net::OpenSSH::Compat 'Net::SSH::Perl';

DESCRIPTION

       This package contains a set of adapter modules that run on top of Net::OpenSSH providing the APIs of other SSH modules available from CPAN.

       Currently, there are adapters available for Net::SSH2 and Net::SSH::Perl. Adapters for Net::SSH and Net::SFTP are planned... maybe also for
       Net::SCP and Net::SCP::Expect if somebody request them.

BUGS AND SUPPORT

       This is a work in progress.

       If you find any bug fill a report at the CPAN RT bugtracker (https://rt.cpan.org/Ticket/Create.html?Queue=Net-OpenSSH-Compat
       <https://rt.cpan.org/Ticket/Create.html?Queue=Net-OpenSSH-Compat>) or just send me an e-mail with the details.

   Git repository
       The source code repository is at https://github.com/salva/p5-Net-OpenSSH-Compat <https://github.com/salva/p5-Net-OpenSSH-Compat>.

   My wishlist
       If you like this module and you're feeling generous, take a look at my Amazon Wish List: <http://amzn.com/w/1WU1P6IR5QZ42>

       Also consider contributing to the OpenSSH project this module builds upon: <http://www.openssh.org/donations.html>.

SEE ALSO

       Net::OpenSSH, Net::OpenSSH::Compat::SSH2, Net::OpenSSH::Compat::Perl.

COPYRIGHT AND LICENSE

       Copyright (C) 2011 by Salvador Fandino (sfandino@yahoo.com)

       This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.10.1 or,
       at your option, any later version of Perl 5 you may have available.

perl v5.14.2							    2011-09-28						 Net::OpenSSH::Compat(3pm)