Slackware 8.1 / 9.0 / current : New OpenSSH packages (SSA:2003-266-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer. Slackware is not vulnerable to the PAM problem, and it is
not believed that any of the other code cleanups fix exploitable
security problems, not nevertheless sites may wish to upgrade. These
are some of the more interesting entries from OpenSSH's ChangeLog so
you can be the judge: [buffer.c] protect against double free; #660;
zardoz at users.sf.net - [email protected] 2003/09/18 08:49:45
[deattack.c misc.c session.c ssh-agent.c] more buffer allocation
fixes; from Solar Designer; CAN-2003-0682; ok [email protected] - (djm) Bug
#676: Fix PAM stack corruption - (djm) Fix bad free() in PAM code

See also :

http://www.nessus.org/u?d0bae0a9

Solution :

Update the affected openssh package.

Risk factor :

High

Family: Slackware Local Security Checks

Nessus Plugin ID: 18728 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now