Mandrake Linux Security Advisory : openssh (MDKSA-2000:068-1)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability exists with all versions of OpenSSH prior to 2.3.0
with regards to the X11 forwarding and ssh-agent. If agent or X11
forwarding is disabled in the ssh client configuration, the client
does not request these features during session setup. However, when
the ssh client receives an actual request asking for access to the
ssh-agent, the client fails to check whether this feature has been
negotiated during session setup. The client does not check whether the
request is in compliance with the client configuration and grants
access to the ssh-agent. A similar problem exists in the X11
forwarding implementation.

Update :

The packages announced yesterday for Linux-Mandrake 7.0 and 7.1 did
not have PAM support enabled. This meant that the server would not
allow logins. These updated packages for 7.0 and 7.1 are now available
with PAM support properly enabled.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61854 ()

Bugtraq ID:

CVE ID: CVE-2000-1169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now