Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:172: openssh Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the openssh package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:172 (openssh).
Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows
GSSAPI credentials to be delegated to clients who log in using non-GSSAPI
methods, which could cause those credentials to be exposed to untrusted users
GSSAPI is only enabled in versions of openssh shipped in LE2005 and greater.
The updated packages have been patched to correct this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:172
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.