oval:org.secpod.oval:def:602337
The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client. SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn't support roaming, but the Ope ...

oval:org.secpod.oval:def:1600390
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory of a successfully authenticated OpenSSH client. A buffer overflow flaw was found in the way the OpenSSH client roaming featu ...

oval:org.secpod.oval:def:110118
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:110088
SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ...

oval:org.secpod.oval:def:89045316
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflo ...

oval:org.secpod.oval:def:33669
The host is installed with Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle OpenSSH client while roaming. Successful exploitation could allow remote attacke ...

oval:org.secpod.oval:def:702916
openssh: secure shell for secure access to remote machines. OpenSSH could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:501741
OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak port ...

oval:org.secpod.oval:def:32659
The host is installed with OpenSSH before 7.1p2 and is prone to a denial of service vulnerability. A flaw is present in resend_bytes function in roaming_common.c in the client, which fails to validate the pathnames passed to its functions. Successful exploitation could allow remote servers to obtain s ...

oval:org.secpod.oval:def:52667
openssh: secure shell for secure access to remote machines. OpenSSH could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:33656
The host is missing a security update according to Apple advisory, APPLE-SA-2016-03-21-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ...

oval:org.secpod.oval:def:33777
The host is missing a patch containing security fixes, which affects the following package(s): openssh.base.server and openssh.base.client

oval:org.secpod.oval:def:1800137
OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including, under some circumstances, user's private keys. This may be mitigated by adding the undocumented config option UseRoaming no to ssh_config. This bu ...

oval:org.secpod.oval:def:1501299
An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

oval:org.secpod.oval:def:203811
OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak port ...

oval:org.secpod.oval:def:400633
This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could trigger a buffer overflo ...