Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:062: openssh Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the openssh package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:062 (openssh).
Several security problems were fixed in OpenSSH 4.4 and the bug fixes were
back ported to the openssh versions in our products.
- CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could
be used to cause lots of CPU consumption on a remote openssh server.
- CVE-2006-4925: If a remote attacker is able to inject network traffic this could
be used to cause a client connection to close.
- CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited to perform a
pre-authentication denial of service. This vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication is enabled,
but the likelihood of successful exploitation appears remote.
- CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to acertain
the validity of user names on some platforms.
Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_62_openssh.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.