SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)

High Nessus Plugin ID 29538

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Several security problems were fixed in OpenSSH :

- A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924)

- If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925)

- Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
(CVE-2006-5051)

- Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)

Solution

Apply ZYPP patch number 2184.

See Also

http://support.novell.com/security/cve/CVE-2006-4924.html

http://support.novell.com/security/cve/CVE-2006-4925.html

http://support.novell.com/security/cve/CVE-2006-5051.html

http://support.novell.com/security/cve/CVE-2006-5052.html

Plugin Details

Severity: High

ID: 29538

File Name: suse_openssh-2184.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2007/12/13

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2006/10/19

Reference Information

CVE: CVE-2006-4924, CVE-2006-4925, CVE-2006-5051, CVE-2006-5052

CWE: 362, 399