Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)

critical Nessus Plugin ID 13927

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this problem. The provided packages fix this vulnerability.

Solution

Update the affected packages.

See Also

https://marc.info/?l=bugtraq&m=101553908201861&w=2

http://www.pine.nl/advisories/pine-cert-20020301.txt

Plugin Details

Severity: Critical

ID: 13927

File Name: mandrake_MDKSA-2002-019.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:openssh-server, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.0, p-cpe:/a:mandriva:linux:openssh-askpass, p-cpe:/a:mandriva:linux:openssh-clients, p-cpe:/a:mandriva:linux:openssh, p-cpe:/a:mandriva:linux:openssh-askpass-gnome

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2002

Exploitable With

Core Impact

Reference Information

CVE: CVE-2002-0083

CWE: 189

MDKSA: 2002:019