Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:204: openssh Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the openssh package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:204 (openssh).
A vulnerability in the privilege separation functionality in OpenSSH
was discovered, caused by an incorrect checking for bad signatures in
sshd's privsep monitor. As a result, the monitor and the unprivileged
process can get out sync. The OpenSSH team indicated that this bug is
not known to be exploitable in the abence of additional
Updated packages have been patched to correct this issue, and Mandriva
Linux 2007 has received the latest version of OpenSSH.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:204
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.