OpenSSH sshd Privilege Separation Monitor 未明漏洞

漏洞信息详情

OpenSSH sshd Privilege Separation Monitor 未明漏洞

• CNNVD编号：CNNVD-200611-134
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2006-5794
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2006-11-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-11-09
  
• 厂        商：
  
  openbsd
• 漏洞来源：
  The vendor disclos…

OpenSSH的4.5之前版本中的sshd Privilege Separation Monitor存在未明漏洞，导致系统对已经成功的认证的验证更弱，可能让攻击者绕过认证。注：自20061108起，认为此问题只有利用未授权过程中的漏洞才能被利用，而这种过程还未知存在与否。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Turbolinux Turbolinux 10 F…

Turbolinux openssh-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-3.8p1-11.i586.rpm

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

OpenSSH OpenSSH 4.4

OpenSSH openssh-4.5.tar.gz

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz

Turbolinux Home

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

Turbolinux Turbolinux FUJI

Turbolinux openssh-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-askpass-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-clients-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-server-4.1p1-6.i686.rpm Turbolinux FUJI

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux Appliance Server 2.0

Turbolinux openssh-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-askpass-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-clients-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssh-server-3.9p1-10.i586.rpm Turbolinux Appliance Server 2.0

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

TurboLinux Personal

Turbolinux openssh-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-3.8p1-11.i586.rpm

Turbolinux openssh-askpass-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-askpass-3.8p1-11.i586.rpm

Turbolinux openssh-clients-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-clients-3.8p1-11.i586.rpm

Turbolinux openssh-server-3.8p1-11.i586.rpm Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u

pdates/RPMS/openssh-server-3.8p1-11.i586.rpm

Turb

来源: BID

名称: 20956

链接:http://www.securityfocus.com/bid/20956

来源: VUPEN

名称: ADV-2006-4399

链接:http://www.frsirt.com/english/advisories/2006/4399

来源: SECUNIA

名称: 22773

链接:http://secunia.com/advisories/22773

来源: SECUNIA

名称: 22771

链接:http://secunia.com/advisories/22771

来源: www.openssh.org

链接:http://www.openssh.org/txt/release-4.5

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-766

来源: XF

名称: openssh-separation-verificaton-weakness(30120)

链接:http://xforce.iss.net/xforce/xfdb/30120

来源: www.vmware.com

链接:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

来源: www.vmware.com

链接:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

来源: BUGTRAQ

名称: 20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server

链接:http://www.securityfocus.com/archive/1/archive/1/451100/100/0/threaded

来源: OPENPKG

名称: OpenPKG-SA-2006.032

链接:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html

来源: SUSE

名称: SUSE-SR:2006:026

链接:http://www.novell.com/linux/security/advisories/2006_26_sr.html

来源: MANDRIVA

名称: MDKSA-2006:204

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:204

来源: VUPEN

名称: ADV-2006-4400

链接:http://www.frsirt.com/english/advisories/2006/4400

来源:support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm

来源: sourceforge.net

链接:http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

来源: SECTRACK

名称: 1017183

链接:http://securitytracker.com/id?1017183

来源: SECUNIA

名称: 24055

链接:http://secunia.com/advisories/24055

来源: SECUNIA

名称: 23680

链接:http://secunia.com/advisories/23680

来源: SECUNIA

名称: 23513

链接:http://secunia.com/advisories/23513

来源: SECUNIA

名称: 22932

链接:http://secunia.com/advisories/22932

来源: SECUNIA

名称: 22872

链接:http://secunia.com/advisories/22872

来源: SECUNIA

名称: 22814

链接:http://secunia.com/advisories/22814

来源: SECUNIA

名称: 22778

链接:http://secunia.com/advisories/22778

来源: SECUNIA

名称: 22772

链接:http://secunia.com/advisories/22772

来源: REDHAT

名称: RHSA-2006:0738

链接:http://rhn.redhat.com/errata/RHSA-2006-0738.html

来源: MANDRIVA

名称: MDKSA-2006:204

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:204

来源: SGI

名称: 20061201-01-P

链接:ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc