SecurityLex.Org
  Home My IP SecCon Glossary Vulnerability Tests Sans/FBI Top 20 Top 10 Ipfilter Recent Vulnerabilities Today's news Web Host Check 

VulnTests
SecureScout Testcase
eEye Retina RTH
Nessus Plugin ID
nCircle Sans CVE's
Dragonsoft Vuln ID
CVE Entries
Search CVSS vectors 
CVSS Base score between    and
Access Vector Confidentiality Impact
Access Complexity Integrity Impact
Authentification Availability Impact
Impact Bias

Your search for "24589" returned:
Nessus Plugin ID: 24589Name: MDKSA-2006:204: openssh
CVE References: CVE-2006-5794 (cve.mitre.org, nvd.nist.gov
SANS/FBI TOP20 Reference:
Group/Family: Mandriva Local Security Checks
Risk: High
Description: Synopsis :

The remote host is missing the patch for the advisory MDKSA-2006:204 (openssh).

Description :

A vulnerability in the privilege separation functionality in OpenSSH
was discovered, caused by an incorrect checking for bad signatures in
sshd's privsep monitor. As a result, the monitor and the unprivileged
process can get out sync. The OpenSSH team indicated that this bug is
not known to be exploitable in the abence of additional
vulnerabilities.
Updated packages have been patched to correct this issue, and Mandriva
Linux 2007 has received the latest version of OpenSSH.

See also :

http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:204

Solution :

Apply the newest security patches from Mandriva.

/ CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Created: 2007-03-07 19:58:41Last Changed: 2009-06-16 16:48:38
 
 The Complete Lexicon to Security