Scientific Linux 4.x: Advisory 2007-05-01 Low: OpenSSH Security Threat

May 14, 2007 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory security issue bug fix low severity openssh network threat Scientific Linux

Low: openssh security and bug fix update

Date: Mon, 14 May 2007 15:53:18 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA for openssh on SL4.x i386/x86_64
Comments: To: scientific 

Synopsis: Low: openssh security and bug fix update
Issue date: 2007-05-01
CVE Names: CVE-2005-2666

OpenSSH stores hostnames, IP addresses, and keys in plaintext in the
known_hosts file. A local attacker that has already compromised a user's
SSH account could use this information to generate a list of additional
targets that are likely to have the same password or key. (CVE-2005-2666)

SRPMS:
 	openssh-3.9p1-8.RHEL4.20.src.rpm

i386:
 	openssh-3.9p1-8.RHEL4.20.i386.rpm
 	openssh-askpass-3.9p1-8.RHEL4.20.i386.rpm
 	openssh-askpass-gnome-3.9p1-8.RHEL4.20.i386.rpm
 	openssh-clients-3.9p1-8.RHEL4.20.i386.rpm
 	openssh-server-3.9p1-8.RHEL4.20.i386.rpm

x86_64:
 	openssh-3.9p1-8.RHEL4.20.x86_64.rpm
 	openssh-askpass-3.9p1-8.RHEL4.20.x86_64.rpm
 	openssh-askpass-gnome-3.9p1-8.RHEL4.20.x86_64.rpm
 	openssh-clients-3.9p1-8.RHEL4.20.x86_64.rpm
 	openssh-server-3.9p1-8.RHEL4.20.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here