正文

OpenSSH sshd Privilege Separation Monitor 未明漏洞

admin
admin V管理员 /0 评论 /11 阅读
0103
此篇文章发布距今已超过1235天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

OpenSSH sshd Privilege Separation Monitor 未明漏洞

  • CNNVD编号:CNNVD-200611-134
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2006-5794
  • 漏洞类型: 设计错误
  • 发布时间: 2006-11-08
  • 威胁类型: 远程
  • 更新时间: 2006-11-09
  • 厂        商: openbsd
  • 漏洞来源: The vendor disclos...

漏洞简介

OpenSSH的4.5之前版本中的sshd Privilege Separation Monitor存在未明漏洞,导致系统对已经成功的认证的验证更弱,可能让攻击者绕过认证。注:自20061108起,认为此问题只有利用未授权过程中的漏洞才能被利用,而这种过程还未知存在与否。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Turbolinux Turbolinux 10 F...

Turbolinux openssh-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-3.8p1-11.i586.rpm

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

OpenSSH OpenSSH 4.4

OpenSSH openssh-4.5.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz

Turbolinux Home

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

Turbolinux Turbolinux FUJI

Turbolinux openssh-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-askpass-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-clients-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-server-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux Appliance Server 2.0

Turbolinux openssh-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-askpass-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-clients-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-server-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

TurboLinux Personal

Turbolinux openssh-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-3.8p1-11.i586.rpm

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

Turb

参考网址

来源: BID

名称: 20956

链接:http://www.securityfocus.com/bid/20956

来源: VUPEN

名称: ADV-2006-4399

链接:http://www.frsirt.com/english/advisories/2006/4399

来源: SECUNIA

名称: 22773

链接:http://secunia.com/advisories/22773

来源: SECUNIA

名称: 22771

链接:http://secunia.com/advisories/22771

来源: www.openssh.org

链接:http://www.openssh.org/txt/release-4.5

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-766

来源: XF

名称: openssh-separation-verificaton-weakness(30120)

链接:http://xforce.iss.net/xforce/xfdb/30120

来源: www.vmware.com

链接:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

来源: www.vmware.com

链接:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

来源: BUGTRAQ

名称: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server

链接:http://www.securityfocus.com/archive/1/archive/1/451100/100/0/threaded

来源: OPENPKG

名称: OpenPKG-SA-2006.032

链接:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html

来源: SUSE

名称: SUSE-SR:2006:026

链接:http://www.novell.com/linux/security/advisories/2006_26_sr.html

来源: MANDRIVA

名称: MDKSA-2006:204

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:204

来源: VUPEN

名称: ADV-2006-4400

链接:http://www.frsirt.com/english/advisories/2006/4400

来源:support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

来源: SECTRACK

名称: 1017183

链接:http://securitytracker.com/id?1017183

来源: SECUNIA

名称: 24055

链接:http://secunia.com/advisories/24055

来源: SECUNIA

名称: 23680

链接:http://secunia.com/advisories/23680

来源: SECUNIA

名称: 23513

链接:http://secunia.com/advisories/23513

来源: SECUNIA

名称: 22932

链接:http://secunia.com/advisories/22932

来源: SECUNIA

名称: 22872

链接:http://secunia.com/advisories/22872

来源: SECUNIA

名称: 22814

链接:http://secunia.com/advisories/22814

来源: SECUNIA

名称: 22778

链接:http://secunia.com/advisories/22778

来源: SECUNIA

名称: 22772

链接:http://secunia.com/advisories/22772

来源: REDHAT

名称: RHSA-2006:0738

链接:http://rhn.redhat.com/errata/RHSA-2006-0738.html

来源: MANDRIVA

名称: MDKSA-2006:204

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:204

来源: SGI

名称: 20061201-01-P

链接:ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc

受影响实体

  • Openbsd Openssh:4.4  
    <!--
    2000-1-1
    -->

补丁

    暂无