Mandrake Linux Security Advisory : openssh (MDKSA-2003:090-1)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A buffer management error was discovered in all versions of openssh
prior to version 3.7. According to the OpenSSH team's advisory: 'It is
uncertain whether this error is potentially exploitable, however, we
prefer to see bugs fixed proactively.' There have also been reports of
an exploit in the wild.

MandrakeSoft encourages all users to upgrade to these patched openssh
packages immediately and to disable sshd until you are able to upgrade
if at all possible.

Update :

The OpenSSH developers discovered more, similar, problems and revised
the patch to correct these issues. These new packages have the latest
patch fix applied.

See also :

http://www.openssh.com/txt/buffer.adv

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14072 (mandrake_MDKSA-2003-090.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0693
CVE-2003-0695

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now