[OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [OpenPKG-SA-2006.003] OpenPKG Security Advisory (openssh)
From: OpenPKG <openpkg@xxxxxxxxxxx>
Date: Sat, 18 Feb 2006 13:33:42 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: The OpenPKG Project, http://www.openpkg.org/
Reply-to: openpkg@xxxxxxxxxxx
User-agent: Mutt/1.5.11 OpenPKG/2.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@xxxxxxxxxxx                         openpkg@xxxxxxxxxxx
OpenPKG-SA-2006.003                                          18-Feb-2006
________________________________________________________________________

Package:             openssh
Vulnerability:       arbitrary shell command excecution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:        Corrected Packages:
OpenPKG CURRENT      <= openssh-4.2p1-20060101 >= openssh-4.3p1-20060201
OpenPKG 2.5          <= openssh-4.2p1-2.5.1    >= openssh-4.2p1-2.5.2
OpenPKG 2.4          <= openssh-4.1p1-2.4.1    >= openssh-4.1p1-2.4.2
OpenPKG 2.3          <= openssh-3.9p1-2.3.0    >= openssh-3.9p1-2.3.1

Description:
  Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1
  and earlier, caused due to the insecure use of the system(3) function
  in scp(1) when performing copy operations using filenames that are
  supplied by the user from the command line. This can be exploited to
  execute shell commands with privileges of the user running scp(1). The
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-0225 [2] to the problem.
________________________________________________________________________

References:
  [0] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168167 
  [1] http://www.openssh.com/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFD9xQTgHWT4GPEy58RAmGhAJwPqGodxa5SWCErCK85VrzAhYMPUACfXeXy
h8vuY68O3h7SD1LpSCP/oHE=
=POPO
-----END PGP SIGNATURE-----

Prev by Date: [OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo)
Next by Date: RCblog exploit [fun]
Previous by thread: [OpenPKG-SA-2006.002] OpenPKG Security Advisory (sudo)
Next by thread: RCblog exploit [fun]
Index(es):
- Date
- Thread