Well, I'd be more concerned about the fact that they're running an unsupported version of Solaris which will no longer receive any sort of security patches. I'm guessing the version of OpenSSH was added manually rather than through a vendor package.

As for OpenSSH-specific issues:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

The first is a privilege escalation for a user on a system where GSSAPIDelegateCredentials is enabled. The second is more of a bug than a vulnerability, but could theoretically be used by a local user to gain privileges if something/someone is using scp to copy local files around.

On Tue, 5 Sep 2006, Stephen Adler wrote:

> Solaris.... 5.6 Generic_105181-39
>
> gboyce wrote:
>> On Tue, 5 Sep 2006, Stephen Adler wrote:
>>
>>> Guys,
>>>
>>> I'm working with a company who has an old version of ssh installed,
>>>
>>> OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
>>>
>>> Is there a way to find out if this version of ssh has any vulnerabilities?
>>>
>>> Steve.
>>
>> Your best bet is to look for security fixes released by the particular
>> vendor. Is this system running Redhat? Debian?
>>
>> --
>> Greg
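
The triage described in this thread can be scripted. The following is an added example, not code from any of the posters: it parses the `ssh -V` banner quoted above, compares it with the first upstream release that fixes each of the two CVEs, and checks an ssh configuration for GSSAPIDelegateCredentials. The function names are hypothetical, and the fixed-in releases (4.2 and 4.3) are not stated in the thread; they are assumptions taken from the upstream CVE descriptions.

```python
import re

# First upstream release carrying each fix. These thresholds are not stated in
# the thread; they are taken from the upstream CVE descriptions (assumption to
# re-check against the two CVE entries linked in the message).
FIXED_IN = {"CVE-2005-2798": (4, 2), "CVE-2006-0225": (4, 3)}

BANNER_RE = re.compile(r"OpenSSH_(\d+(?:\.\d+)+)(p\d+)?")
GSS_RE = re.compile(r"^\s*GSSAPIDelegateCredentials[\s=]+\"?(\w+)", re.IGNORECASE)


def parse_banner(banner):
    """Return ((major, minor, ...), portable_suffix) from `ssh -V` output."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError("not an OpenSSH banner: %r" % banner)
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) or ""


def gss_delegation_enabled(config_text):
    """True if any uncommented GSSAPIDelegateCredentials line is set to yes."""
    for line in config_text.splitlines():
        m = GSS_RE.match(line)
        if m and m.group(1).lower() == "yes":
            return True
    return False


def triage(banner, config_text, vendor_package):
    """Return {cve: verdict} for the two CVEs named in the message."""
    version, _ = parse_banner(banner)
    verdicts = {}
    for cve, fixed in FIXED_IN.items():
        if version >= fixed:
            verdicts[cve] = "fixed upstream"
        elif vendor_package:
            # Vendors backport fixes without bumping the upstream version.
            verdicts[cve] = "check vendor advisories"
        elif cve == "CVE-2005-2798" and not gss_delegation_enabled(config_text):
            verdicts[cve] = "version affected, option not enabled"
        else:
            verdicts[cve] = "affected"
    return verdicts


if __name__ == "__main__":
    # Banner quoted in the thread; config text is constructed sample input.
    banner = "OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004"
    print(triage(banner, "Host *\n  GSSAPIDelegateCredentials yes\n", False))
```

The `vendor_package` flag covers the point made earlier in the thread: a distribution package may carry backported fixes under an old version string, so the plain version comparison only applies to a manually installed upstream build.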