Mandrake Linux Security Advisory : openssh (MDKSA-2000:068-1)

high Nessus Plugin ID 61854

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability exists with all versions of OpenSSH prior to 2.3.0 with regards to the X11 forwarding and ssh-agent. If agent or X11 forwarding is disabled in the ssh client configuration, the client does not request these features during session setup. However, when the ssh client receives an actual request asking for access to the ssh-agent, the client fails to check whether this feature has been negotiated during session setup. The client does not check whether the request is in compliance with the client configuration and grants access to the ssh-agent. A similar problem exists in the X11 forwarding implementation.

Update :

The packages announced yesterday for Linux-Mandrake 7.0 and 7.1 did not have PAM support enabled. This meant that the server would not allow logins. These updated packages for 7.0 and 7.1 are now available with PAM support properly enabled.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 61854

File Name: mandrake_MDKSA-2000-068.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:openssh, p-cpe:/a:mandriva:linux:openssh-askpass, p-cpe:/a:mandriva:linux:openssh-askpass-gnome, p-cpe:/a:mandriva:linux:openssh-clients, p-cpe:/a:mandriva:linux:openssh-server, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/14/2000

Reference Information

CVE: CVE-2000-1169

MDKSA: 2000:068-1