Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Joost Pol found a bug in the channel code of all versions of OpenSSH
from 2.0 to 3.0.2. This bug can allow authenticated users with an
existing account on the vulnerable system to obtain root privilege or
by a malicious server attacking a vulnerable client. OpenSSH 3.1 is
not vulnerable to this problem. The provided packages fix this
vulnerability.

See also :

http://marc.info/?l=bugtraq&m=101553908201861&w=2
http://www.pine.nl/advisories/pine-cert-20020301.txt

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13927 (mandrake_MDKSA-2002-019.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0083

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now