SSA-18700 OpenSSH security problem fixed

High Nessus Plugin ID 18700


The remote host is missing a security update.


New openssh packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

---------------------------- Thu Mar 7 12:00:18 PST 2002 patches/packages/openssh.tgz: Upgraded to openssh-3.1p1.

This fixes a security problem in the openssh package. All sites running OpenSSH should upgrade immediately.

All versions of OpenSSH between 2.0 and 3.0.2 contain an off-by-one error in the channel code. OpenSSH 3.1 and later are not affected. This bug can be exploited locally by an authenticated user logging into a vulnerable OpenSSH server or by a malicious SSH server attacking a vulnerable OpenSSH client. This bug was discovered by Joost Pol <[email protected]>

(* Security fix *)


Update the packages that are referenced in the security advisory.

Plugin Details

Severity: High

ID: 18700

File Name: Slackware_18700.nasl

Version: $Revision: 1.8 $

Published: 2005/07/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/Slackware/release, Host/Slackware/packages