SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSH Vendors:   OpenSSH.org
OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
SecurityTracker Alert ID:  1017183
SecurityTracker URL:  http://securitytracker.com/id/1017183
CVE Reference:   CVE-2006-5794   (Links to External Site)
Updated:  Nov 15 2006
Original Entry Date:  Nov 8 2006
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.4 and prior versions
Description:   A vulnerability was reported in OpenSSH. The privilege separation monitor may not properly verify authentication.

The sshd privilege separation monitor may not properly detect incorrect signatures. As a result, the monitor may not properly control or restrict the unprivileged process.

The vendor notes that this security bug is not known to be exploitable in the absence of any other vulnerability.

The vulnerability resides in 'monitor.c'.

[Editor's note: This vulnerability does not affect sshd authentication itself.]

Impact:   The monitor may fail to properly control or restrict the unprivileged process in certain cases.
Solution:   The vendor has issued a fixed version (4.5 and 4.5p1), available at:

http://openssh.org/

The OpenSSH notice is available at:

http://openssh.org/txt/release-4.5

Vendor URL:  www.openssh.org/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 15 2006 (Red Hat Issues Fix) OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
Red Hat has released a fix for Red Hat Enterprise Linux 3 and 4.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC