FrSIRT - Fedora Security Update Fixes OpenSSH Cookie Handling Security Issue / Exploit

French Security Incident Response Team

Français

English

Fedora Security Update Fixes OpenSSH Cookie Handling Security Issue

Date de Publication : 2007-10-17 © FrSIRT.COM
Titre : Fedora Security Update Fixes OpenSSH Cookie Handling Security Issue
Identifiant : FrSIRT/AVIS-2007-3515
CVE ID : CVE-2007-3102 - CVE-2007-4752
Risque : Bas (1/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Une vulnérabilité a été identifiée dans Fedora, elle pourrait être exploitée par des attaquants afin de contourner les mesures de sécurité [...]

Solution

Installer les mises à jour :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

c4bbdf05c3ec42791b33aed51106634c5ab4ea96 SRPMS/openssh-4.3p2-25.fc6.src.rpm
c4bbdf05c3ec42791b33aed51106634c5ab4ea96 noarch/openssh-4.3p2-25.fc6.src.rpm
eeafee7ed54d6acafc1853a390e05e73c896faf5 ppc/openssh-server-4.3p2-25.fc6.ppc.rpm
e1d4265aacda1e9b44298cb841a7460d12a8dea2 ppc/openssh-4.3p2-25.fc6.ppc.rpm
30a4319536c7c24c231b68724b7c476365da52e8 ppc/debug/openssh-debuginfo-4.3p2-25.fc6.ppc.rpm
3797e42e4517c34f227244650d540200db14e964 ppc/openssh-clients-4.3p2-25.fc6.ppc.rpm
20f99e79df0ba9cfdfb6756906e3ae376eb9c9d0 ppc/openssh-askpass-4.3p2-25.fc6.ppc.rpm
b36310f377ada7282c203cc701d981689fbeebd7 x86_64/openssh-4.3p2-25.fc6.x86_64.rpm
877916362094d3443b4b1847d85015287bd7e134 x86_64/openssh-clients-4.3p2-25.fc6.x86_64.rpm
8243870ab20446d750a309039a98016495d39940 x86_64/openssh-askpass-4.3p2-25.fc6.x86_64.rpm
a16ba2e453efeb80200139da46a8e747253e6241 x86_64/openssh-server-4.3p2-25.fc6.x86_64.rpm
34774711bb4e15f2c34b05fc6750d4179b21667d x86_64/debug/openssh-debuginfo-4.3p2-25.fc6.x86_64.rpm
12d01c6072fc4b00adb901915a10a2f7dbed0ead i386/openssh-askpass-4.3p2-25.fc6.i386.rpm
069c04e6f06ea70f1bd0d92c9716d2787fb7e8c9 i386/debug/openssh-debuginfo-4.3p2-25.fc6.i386.rpm
fffd8e803de28363b6e7f83baab23cde83d8b22f i386/openssh-4.3p2-25.fc6.i386.rpm
315c0f591789bc52146b42dc1b60ee947b2faddb i386/openssh-server-4.3p2-25.fc6.i386.rpm
b517d9b6f741afeb0cab1c75f100292851e8a702 i386/openssh-clients-4.3p2-25.fc6.i386.rpm

Historique

2007-10-17 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)
	Microsoft Outlook and Mail Security Bypass Vulnerability (MS08-048)
	Microsoft Windows IPsec Policy Data Disclosure Vulnerability (MS08-047)
	Microsoft Windows MSCMS Code Execution Vulnerability (MS08-046)

	Apple Mac OS X Code Execution Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities