CVE-2004-0175
CVSS 4.3
Published: 2004-08-18 00:00:00
Last revised: 2011-03-07 21:15:13

[Original] Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.


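[CNNVD] OpenSSH SCP Client File Corruption Vulnerability (CNNVD-200408-194)

        
        OpenSSH is an open-source implementation of the SSH protocol. It was originally written for the OpenBSD platform and has since been ported to many Unix/Linux-like operating systems.
        The OpenSSH scp client does not correctly handle special characters in some file names, so a malicious remote server can create malicious files outside the working directory with the privileges of the user running the scp client.
        No detailed vulnerability information is currently available.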
        

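- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-22 [Improper Limitation of a Pathname (Path Traversal)]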

- CPE (Affected Platforms and Products)

cpe:/a:openbsd:openssh:3.3  OpenBSD OpenSSH 3.3
cpe:/a:openbsd:openssh:3.0p1  OpenBSD OpenSSH 3.0 p1
cpe:/a:openbsd:openssh:3.1p1  OpenBSD OpenSSH 3.1 p1
cpe:/a:openbsd:openssh:3.0.2  OpenBSD OpenSSH 3.0.2
cpe:/a:openbsd:openssh:3.0.1  OpenBSD OpenSSH 3.0.1
cpe:/a:openbsd:openssh:3.0  OpenBSD OpenSSH 3.0
cpe:/a:openbsd:openssh:3.1  OpenBSD OpenSSH 3.1
cpe:/a:openbsd:openssh:3.4  OpenBSD OpenSSH 3.4
cpe:/a:openbsd:openssh:3.2.2p1  OpenBSD OpenSSH 3.2.2 p1
cpe:/a:openbsd:openssh:3.2.3p1  OpenBSD OpenSSH 3.2.3 p1
cpe:/a:openbsd:openssh:3.2  OpenBSD OpenSSH 3.2
cpe:/a:openbsd:openssh:3.3p1  OpenBSD OpenSSH 3.3 p1
cpe:/a:openbsd:openssh:3.0.2p1  OpenBSD OpenSSH 3.0.2p1
cpe:/a:openbsd:openssh:3.4p1  OpenBSD OpenSSH 3.4 p1
cpe:/a:openbsd:openssh:3.0.1p1  OpenBSD OpenSSH 3.0.1 p1

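- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10184  Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this ...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.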

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0175
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-194
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/9986
(VENDOR_ADVISORY)  BID  9986
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147
http://xforce.iss.net/xforce/xfdb/16323
(UNKNOWN)  XF  openssh-scp-file-overwrite(16323)
http://www.redhat.com/support/errata/RHSA-2005-567.html
(UNKNOWN)  REDHAT  RHSA-2005:567
http://www.redhat.com/support/errata/RHSA-2005-562.html
(UNKNOWN)  REDHAT  RHSA-2005:562
http://www.redhat.com/support/errata/RHSA-2005-495.html
(UNKNOWN)  REDHAT  RHSA-2005:495
http://www.redhat.com/support/errata/RHSA-2005-481.html
(UNKNOWN)  REDHAT  RHSA-2005:481
http://www.redhat.com/support/errata/RHSA-2005-165.html
(UNKNOWN)  REDHAT  RHSA-2005:165
http://www.redhat.com/support/errata/RHSA-2005-106.html
(UNKNOWN)  REDHAT  RHSA-2005:106
http://www.redhat.com/support/errata/RHSA-2005-074.html
(UNKNOWN)  REDHAT  RHSA-2005:074
http://www.osvdb.org/9550
(UNKNOWN)  OSVDB  9550
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
(UNKNOWN)  SUSE  SuSE-SA:2004:009
http://www.mandriva.com/security/advisories?name=MDVSA-2008:191
(UNKNOWN)  MANDRIVA  MDVSA-2008:191
http://www.mandriva.com/security/advisories?name=MDKSA-2005:100
(UNKNOWN)  MANDRIVA  MDKSA-2005:100
http://www.juniper.net/support/security/alerts/adv59739.txt
(UNKNOWN)  CONFIRM  http://www.juniper.net/support/security/alerts/adv59739.txt
http://www.ciac.org/ciac/bulletins/o-212.shtml
(UNKNOWN)  CIAC  O-212
http://secunia.com/advisories/19243
(UNKNOWN)  SECUNIA  19243
http://secunia.com/advisories/17135
(UNKNOWN)  SECUNIA  17135
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831
(UNKNOWN)  CONECTIVA  CLSA-2004:831
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt
(UNKNOWN)  SCO  SCOSA-2006.11

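- Vulnerability Information

OpenSSH SCP Client File Corruption Vulnerability
Medium  Input Validation
2004-08-18 00:00:00 2006-03-28 00:00:00
Remote
        
        OpenSSH is an open-source implementation of the SSH protocol. It was originally written for the OpenBSD platform and has since been ported to many Unix/Linux-like operating systems.
        The OpenSSH scp client does not correctly handle special characters in some file names, so a malicious remote server can create malicious files outside the working directory with the privileges of the user running the scp client.
        No detailed vulnerability information is currently available.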
        

- Advisories and Patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLSA-2004:831) and corresponding patches for this issue:
        CLSA-2004:831:openssh
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831

        Patch download:
        OpenSSH OpenSSH 3.4 p1:
        Conectiva Upgrade openssh-3.4p1-263.i586.rpm
        ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/openssh-3.4p1-263.i586.rpm

- Vulnerability Information (F69916)

Mandriva Linux Security Advisory 2008-191 (PacketStormID:F69916)
2008-09-12 00:00:00
Mandriva  mandriva.com
advisory,arbitrary,protocol
linux,mandriva
CVE-2004-0175

Mandriva Linux Security Advisory - A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. This issue was originally corrected in MDKSA-2005:100, but the patch had not been applied to the development tree, so released packages after that date did not have the fix applied. This update also corrects an issue where rexecd did not honor settings in /etc/security/limits if pam_limits was in use.

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:191
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rsh
 Date    : September 11, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in the rcp protocol was discovered that allows a
 server to instruct a client to write arbitrary files outside of the
 current directory, which could potentially be a security concern if
 a user used rcp to copy files from a malicious server (CVE-2004-0175).
 
 This issue was originally corrected in MDKSA-2005:100, but the patch
 had not been applied to the development tree, so released packages
 after that date did not have the fix applied.
 
 This update also corrects an issue where rexecd did not honor settings
 in /etc/security/limits if pam_limits was in use.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0175
 https://bugzilla.redhat.com/show_bug.cgi?id=68590
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
    

- Vulnerability Information

9550
OpenSSH scp Traversal Arbitrary File Overwrite
Local Access Required Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- Vulnerability Description

OpenSSH contains a flaw that may allow a context-dependent attacker to overwrite arbitrary files on a remote system. The issue is due to the scp utility not properly sanitizing file copy requests which could allow a remote server to overwrite arbitrary files on the target system.

- Timeline

2004-04-06 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.4p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

RCP, OpenSSH SCP Client File Corruption Vulnerability
Input Validation Error 9986
Yes No
2004-03-26 12:00:00 2008-09-15 07:40:00
This issue was announced in a Conectiva advisory. The discoverer of this issue is currently unknown.

- Affected Software Versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
SGI ProPack 3.0
SGI IRIX 6.5.24 m
SGI IRIX 6.5.23 m
SGI IRIX 6.5.22 m
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI Advanced Linux Environment 3.0
SCO Open Server 5.0.7
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenSSH OpenSSH 3.4 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux Enterprise Edition 1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ IBM AIX 5.1 L
+ IBM AIX 4.3.3
+ Immunix Immunix OS 7+
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ Slackware Linux 8.1
OpenSSH OpenSSH 3.4
OpenSSH OpenSSH 3.3 p1
OpenSSH OpenSSH 3.3
+ Openwall Openwall GNU/*/Linux (Owl)-current
OpenSSH OpenSSH 3.2.3 p1
OpenSSH OpenSSH 3.2.2 p1
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X 10.0.4
+ Apple Mac OS X 10.0.3
+ Apple Mac OS X 10.0.2
+ Apple Mac OS X 10.0.1
+ Apple Mac OS X 10.0
OpenSSH OpenSSH 3.2
+ OpenBSD OpenBSD 3.1
OpenSSH OpenSSH 3.1 p1
+ Juniper Networks NetScreen-IDP 10 3.0 r2
+ Juniper Networks NetScreen-IDP 10 3.0 r1
+ Juniper Networks NetScreen-IDP 10 3.0
+ Juniper Networks NetScreen-IDP 100 3.0 r2
+ Juniper Networks NetScreen-IDP 100 3.0 r1
+ Juniper Networks NetScreen-IDP 100 3.0
+ Juniper Networks NetScreen-IDP 1000 3.0 r2
+ Juniper Networks NetScreen-IDP 1000 3.0 r1
+ Juniper Networks NetScreen-IDP 1000 3.0
+ Juniper Networks NetScreen-IDP 500 3.0 r2
+ Juniper Networks NetScreen-IDP 500 3.0 r1
+ Juniper Networks NetScreen-IDP 500 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.3
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Slackware Linux 8.1
+ Sun Linux 5.0.7
+ Sun Solaris 9
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenSSH OpenSSH 3.1
OpenSSH OpenSSH 3.0.2 p1
OpenSSH OpenSSH 3.0.2
- Debian Linux 3.0
+ FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
+ FreeBSD FreeBSD 4.5 -RELEASE
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ S.u.S.E. Linux 8.0
OpenSSH OpenSSH 3.0.1 p1
OpenSSH OpenSSH 3.0.1
OpenSSH OpenSSH 3.0 p1
OpenSSH OpenSSH 3.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8

- Vulnerability Discussion

A vulnerability has been reported in the 'rcp' and OpenSSH 'scp' utilities. This issue may permit a malicious scp server to corrupt files on a client system when files are copied.

This issue is similar to BID 1742.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Vendor upgrades are available. Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.


Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X Server 10.3.4

Apple Mac OS X 10.3.4

Apple Mac OS X Server 10.3.5

Apple Mac OS X 10.3.5

OpenSSH OpenSSH 3.1 p1
  • Juniper Networks openssh-client-3.1p1-14.idp2.i386.rpm

  • Juniper Networks openssh-server-3.1p1-14.idp2.i386.rpm


OpenSSH OpenSSH 3.4 p1

SCO Open Server 5.0.6 a

SCO Open Server 5.0.6

SCO Open Server 5.0.7

SGI IRIX 6.5.20 f

SGI IRIX 6.5.20 m

SGI IRIX 6.5.22 m

- Related References

 

 
