GLSA-201405-06 : OpenSSH: Multiple vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201405-06
(OpenSSH: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenSSH. Please review
the CVE identifiers referenced below for details.

Impact :

A remote attacker could execute arbitrary code, cause a Denial of
Service condition, obtain sensitive information, or bypass environment
restrictions.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201405-06

Solution :

All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/openssh-6.6_p1-r1'
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no longer
affected by them.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Gentoo Local Security Checks

Nessus Plugin ID: 73958 ()

Bugtraq ID: 32319
45304
51702
54114
58162
66355

CVE ID: CVE-2008-5161
CVE-2010-4478
CVE-2010-4755
CVE-2010-5107
CVE-2011-5000
CVE-2012-0814
CVE-2014-2532

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now