漏洞信息详情
LSH 访问验证错误
- CNNVD编号:CNNVD-200601-284
- 危害等级: 低危
![图片[1]-LSH 访问验证错误-一一网](https://www.proyy.com/skycj/data/images/2021-04-27/fa6998ac850c38cb90c47a02e5a8652c.png)
- CVE编号:
CVE-2006-0353
- 漏洞类型:
信息泄露
- 发布时间:
2006-01-22
- 威胁类型:
本地
- 更新时间:
2006-05-01
- 厂 商:
gnu - 漏洞来源:
Discovered by Stef… -
漏洞简介
lsh 2.0.1的lshd中的unix_random.c会泄漏与随机生成器相关的文件描述符,本地用户可以通过截断种子文件从而阻止服务器启动,使系统拒绝服务,或者获取可用来破解密钥的敏感种子信息。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
LSH LSH 2.0.1
Debian lsh-client_2.0.1-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_alpha.deb
Debian lsh-client_2.0.1-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_arm.deb
Debian lsh-client_2.0.1-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_hppa.deb
Debian lsh-client_2.0.1-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_i386.deb
Debian lsh-client_2.0.1-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_ia64.deb
Debian lsh-client_2.0.1-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_m68k.deb
Debian lsh-client_2.0.1-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_mips.deb
Debian lsh-client_2.0.1-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_mipsel.deb
Debian lsh-client_2.0.1-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_powerpc.deb
Debian lsh-client_2.0.1-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_s390.deb
Debian lsh-client_2.0.1-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2. 0.1-3sarge1_sparc.deb
Debian lsh-server_2.0.1-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_alpha.deb
Debian lsh-server_2.0.1-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_arm.deb
Debian lsh-server_2.0.1-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_hppa.deb
Debian lsh-server_2.0.1-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_i386.deb
Debian lsh-server_2.0.1-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_ia64.deb
Debian lsh-server_2.0.1-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_m68k.deb
Debian lsh-server_2.0.1-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_mips.deb
Debian lsh-server_2.0.1-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_mipsel.deb
Debian lsh-server_2.0.1-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_powerpc.deb
Debian lsh-server_2.0.1-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_s390.deb
Debian lsh-utils-doc_2.0.1-3sarge1_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils-doc _2.0.1-3sarge1_all.deb
Debian lsh-utils/lsh-server_2.0.1-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2. 0.1-3sarge1_sparc.deb
Debian lsh-utils/lsh-utils_2.0.1-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
参考网址
来源: BID
名称: 16357
链接:http://www.securityfocus.com/bid/16357
来源: VUPEN
名称: ADV-2006-0301
链接:http://www.frsirt.com/english/advisories/2006/0301
来源: DEBIAN
名称: DSA-956
链接:http://www.debian.org/security/2006/dsa-956
来源: SECUNIA
名称: 18623
链接:http://secunia.com/advisories/18623
来源: SECUNIA
名称: 18564
链接:http://secunia.com/advisories/18564
来源: XF
名称: lsh-file-descriptor-leak(24263)
链接:http://xforce.iss.net/xforce/xfdb/24263
来源: OSVDB
名称: 22695
来源: MLIST
名称: [lsh-bugs] SECURITY: lshd leaks fd:s to user shells
链接:http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
