Gentoo Linux Security Advisory 201405-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 6.6_p1-r1 are affected.
fe1b9df26b1a25aa71eeff1f99186e2674ad6030343ed863a7fff0e2837a9529EMC VPLEX GeoSynchrony versions 4.0 through 5.2.1 suffer from path traversal, timeout validity, session fixation, and various other vulnerabilities.
865ebcefce882874598ff43ecc2a95087b307183385a9a725bb5ad0baf892e95Mandriva Linux Security Advisory 2013-022 - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct these issues.
bee473f9707063a23fbf49f1f2986f75bfe44988e5231b688428c1c9f062130b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed