Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). CanSecWest 2012 2nd Annual Cyber Security Hack In Paris	New version of OpenSSH released (Security patch) 18 Nov. 2000    Summary A security problem exists with all versions of OpenSSH prior to 2.3.0 with regards to the X11 forwarding and ssh-agent. A new version of OpenSSH deals with this security issue.   Credit: The information has been provided by Linux Mandrake Security Team, Debian security announce and TSL Team. Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner If agent or X11 forwarding is disabled in the SSH client configuration, the client does not request these features during session setup. However, when the SSH client receives an actual request asking for access to the ssh-agent, the client fails to check whether this feature has been negotiated during session setup. The client does not check whether the request complies with the client configuration and grants access to the SSH-agent. A similar problem exists in the X11 forwarding implementation. Patch: Debian GNU/Linux 2.2 alias potato Potato was released for Alpha, ARM, i386, M68k, PowerPC and Sparc. Packages for Sparc are not available at this moment; they will be announced later at http://security.debian.org/ Source archives: http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.diff.gz http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.1.dsc http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz Architecture impendent archives: http://security.debian.org/dists/stable/updates/main/binary-all/ssh-askpass-ptk_1.2.3-9.1_all.deb Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.1_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.1_alpha.deb ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.1_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.1_arm.deb Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.1_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.1_i386.deb Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.1_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.1_m68k.deb PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.1_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.1_powerpc.deb Mandrake: Linux-Mandrake 7.0: 7.0/RPMS/openssh-2.3.0p1-7.3mdk.i586.rpm 7.0/RPMS/openssh-askpass-2.3.0p1-7.3mdk.i586.rpm 7.0/RPMS/openssh-askpass-gnome-2.3.0p1-7.3mdk.i586.rpm 7.0/RPMS/openssh-clients-2.3.0p1-7.3mdk.i586.rpm 7.0/RPMS/openssh-server-2.3.0p1-7.3mdk.i586.rpm 7.0/SRPMS/openssh-2.3.0p1-7.3mdk.src.rpm Linux-Mandrake 7.1: 7.1/RPMS/openssh-2.3.0p1-7.3mdk.i586.rpm 7.1/RPMS/openssh-askpass-2.3.0p1-7.3mdk.i586.rpm 7.1/RPMS/openssh-askpass-gnome-2.3.0p1-7.3mdk.i586.rpm 7.1/RPMS/openssh-clients-2.3.0p1-7.3mdk.i586.rpm 7.1/RPMS/openssh-server-2.3.0p1-7.3mdk.i586.rpm 7.1/SRPMS/openssh-2.3.0p1-7.3mdk.src.rpm Linux-Mandrake 7.2: 7.2/RPMS/openssh-2.3.0p1-7.1mdk.i586.rpm 7.2/RPMS/openssh-askpass-2.3.0p1-7.1mdk.i586.rpm 7.2/RPMS/openssh-askpass-gnome-2.3.0p1-7.1mdk.i586.rpm 7.2/RPMS/openssh-clients-2.3.0p1-7.1mdk.i586.rpm 7.2/RPMS/openssh-server-2.3.0p1-7.1mdk.i586.rpm 7.2/SRPMS/openssh-2.3.0p1-7.1mdk.src.rpm Trustix: Get the packages from: http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ Or: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ openssh-2.3.0p1-1tr.i586.rpm openssh-clients-2.3.0p1-1tr.i586.rpm openssh-server-2.3.0p1-1tr.i586.rpm  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability Insight Control for Linux Multiple Vulnerabilities HP-UX Running NFS/ONCplus Denial of Service Vulnerability HP-UX Running BIND Denial of Service Vulnerability 2011 HP-UX Running XNTP Denial of Service Vulnerability HP-UX Denial of Service Vulnerability Webkit Detached Body Element Code Execution Vulnerability Mac OS X Compact Font Format Decoder Code Execution Vulnerability WebKit WBR Tag Removal Code Execution Vulnerability Webkit Undefined DOM Prototype Attach Code Execution Vulnerability Apple HFS Information Disclosure Vulnerability XPDF arbitrary Arbitrary Code Execution Vulnerabilities Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Code Execution Vulnerability Red Hat OpenJDK IcedTea6 ClassLoader Code Execution Vulnerability HP-UX Apache Running Tomcat Servlet Engine Remote Modification and Denial of Service Vulnerabilities  Featured Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Adobe Reader U3D IFF RGBA Parsing Code Execution Vulnerability Adobe Reader U3D PCX Parsing Code Execution Vulnerability Cisco Unified Service Monitor brstart add_dm Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2011 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®