LinuxSecurity.com
Mandriva: Updated openssh packages fix X11 cookie
Posted by Benjamin D. Thomas   
A flaw in OpenSSH prior to 4.7 caused ssh to mishandle the case where an untrusted X11 cookie could not be created: it used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. The updated packages have been patched to correct this issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:236
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openssh
 Date    : December 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in OpenSSH prior to 4.7 caused ssh to mishandle the case where
 an untrusted X11 cookie could not be created: it used a trusted X11
 cookie instead, which could allow attackers to violate intended policy
 and gain privileges by causing an X client to be treated as trusted.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 e04c3ab6175b622a65fe1a40fe52693f  2007.0/i586/openssh-4.5p1-0.2mdv2007.0.i586.rpm
 79ad72cdd5d02d29e1bc92a84853aa99  2007.0/i586/openssh-askpass-4.5p1-0.2mdv2007.0.i586.rpm
 d13252d924785d23495ceaa98c9dcc16  2007.0/i586/openssh-askpass-common-4.5p1-0.2mdv2007.0.i586.rpm
 2b21106f61185b6943425afa2d4a6098  2007.0/i586/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.i586.rpm
 f36ce6d19951967248807d4acc259350  2007.0/i586/openssh-clients-4.5p1-0.2mdv2007.0.i586.rpm
 1a313da3c8131c0510ac7fc175b4ef9f  2007.0/i586/openssh-server-4.5p1-0.2mdv2007.0.i586.rpm 
 0e57aefb82391e7b1fbe92fb7e8d24d3  2007.0/SRPMS/openssh-4.5p1-0.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2722de4c5806b442152bf6f229bc4efc  2007.0/x86_64/openssh-4.5p1-0.2mdv2007.0.x86_64.rpm
 a89e68e2e0271c02814b1406c1242057  2007.0/x86_64/openssh-askpass-4.5p1-0.2mdv2007.0.x86_64.rpm
 d2bc689960ccc27cfb542764fc472d4f  2007.0/x86_64/openssh-askpass-common-4.5p1-0.2mdv2007.0.x86_64.rpm
 3c6227baf2de94a774cef12cadc4d183  2007.0/x86_64/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.x86_64.rpm
 360f13087ea6f63eaced8eb4fde23185  2007.0/x86_64/openssh-clients-4.5p1-0.2mdv2007.0.x86_64.rpm
 67c9ae2c8c25b6475e15c325a929a807  2007.0/x86_64/openssh-server-4.5p1-0.2mdv2007.0.x86_64.rpm 
 0e57aefb82391e7b1fbe92fb7e8d24d3  2007.0/SRPMS/openssh-4.5p1-0.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 a4dcfec27b0a3b81a749f10e435a0be2  2007.1/i586/openssh-4.6p1-1.1mdv2007.1.i586.rpm
 e4a784a3c12a303a6c018c363b207e1c  2007.1/i586/openssh-askpass-4.6p1-1.1mdv2007.1.i586.rpm
 972dd1ba1fc63d7ca3e3f7ba3513b81f  2007.1/i586/openssh-askpass-common-4.6p1-1.1mdv2007.1.i586.rpm
 bbd0e91b2950e0142d11df0343ce1af9  2007.1/i586/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.i586.rpm
 360972495eeea43e15dc46fa4b46fd5c  2007.1/i586/openssh-clients-4.6p1-1.1mdv2007.1.i586.rpm
 3859f217f6180403ef0e9c9aee3f6b27  2007.1/i586/openssh-server-4.6p1-1.1mdv2007.1.i586.rpm 
 fd0d1245e9d80df411acfff848868e83  2007.1/SRPMS/openssh-4.6p1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 c84ab8276ba205fc49c6fade4eeb4fc0  2007.1/x86_64/openssh-4.6p1-1.1mdv2007.1.x86_64.rpm
 564869cbbc4a53eb082a585fba2f91f7  2007.1/x86_64/openssh-askpass-4.6p1-1.1mdv2007.1.x86_64.rpm
 fcf1bd1893ebbf6c4d322a064ae73f4e  2007.1/x86_64/openssh-askpass-common-4.6p1-1.1mdv2007.1.x86_64.rpm
 ac83b2537b643d415f6077d30902cfe7  2007.1/x86_64/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.x86_64.rpm
 479f39a1c7af953f86bcf5d34576a6be  2007.1/x86_64/openssh-clients-4.6p1-1.1mdv2007.1.x86_64.rpm
 cafc771d61a4d8a170e071ba789b3a90  2007.1/x86_64/openssh-server-4.6p1-1.1mdv2007.1.x86_64.rpm 
 fd0d1245e9d80df411acfff848868e83  2007.1/SRPMS/openssh-4.6p1-1.1mdv2007.1.src.rpm

 Corporate 3.0:
 f23aeae4f1581eb34b894e87dd8316ce  corporate/3.0/i586/openssh-4.3p1-0.4.C30mdk.i586.rpm
 3f37d58c43b5d6e8a81be5e2c06d5349  corporate/3.0/i586/openssh-askpass-4.3p1-0.4.C30mdk.i586.rpm
 a5d683a4b9d6d88b732985eae4976c83  corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.4.C30mdk.i586.rpm
 d3bede3976187ca6c9ed3cd853f50444  corporate/3.0/i586/openssh-clients-4.3p1-0.4.C30mdk.i586.rpm
 1fc0580c40b91c3d057db44eb56a640f  corporate/3.0/i586/openssh-server-4.3p1-0.4.C30mdk.i586.rpm 
 b352aac12da1f4363f053ad84c21cad8  corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1eaae01a333d19ecfe0f83aa677fef29  corporate/3.0/x86_64/openssh-4.3p1-0.4.C30mdk.x86_64.rpm
 89a6586cd975949b516af7ce7c33db7d  corporate/3.0/x86_64/openssh-askpass-4.3p1-0.4.C30mdk.x86_64.rpm
 3bd3c05fd5987ce3cb8e6c167291bad9  corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.C30mdk.x86_64.rpm
 87f1a7a82d27b4f3dec8c9acadad8e95  corporate/3.0/x86_64/openssh-clients-4.3p1-0.4.C30mdk.x86_64.rpm
 2647668c96642eac2d75f7b99ee6cafb  corporate/3.0/x86_64/openssh-server-4.3p1-0.4.C30mdk.x86_64.rpm 
 b352aac12da1f4363f053ad84c21cad8  corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

 Corporate 4.0:
 030bbafc87663dede9e8bf21dc0d06fa  corporate/4.0/i586/openssh-4.3p1-0.5.20060mlcs4.i586.rpm
 4ba7690bee29194a46fbeae5ba0aa0c2  corporate/4.0/i586/openssh-askpass-4.3p1-0.5.20060mlcs4.i586.rpm
 a8835f6ae66a77b4f7ed336afe0b8427  corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.i586.rpm
 4579a47617a3cb39dfc8c8ce600fad97  corporate/4.0/i586/openssh-clients-4.3p1-0.5.20060mlcs4.i586.rpm
 5d4a6f91ad5199aa22e3fd68bc91e1bc  corporate/4.0/i586/openssh-server-4.3p1-0.5.20060mlcs4.i586.rpm 
 538f84577ba40e5e8694819dac96c9a5  corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 64a174d447b1bdd4d208872761c93699  corporate/4.0/x86_64/openssh-4.3p1-0.5.20060mlcs4.x86_64.rpm
 a2e0aaa3f19ff1c4cd60eb532604e135  corporate/4.0/x86_64/openssh-askpass-4.3p1-0.5.20060mlcs4.x86_64.rpm
 395878603e050cc933b1881cc816e6bd  corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.x86_64.rpm
 b91a4ee6303eb5b2fdccd2dbafbf8489  corporate/4.0/x86_64/openssh-clients-4.3p1-0.5.20060mlcs4.x86_64.rpm
 b9e82cd190d6a267fabdf2811574ee7e  corporate/4.0/x86_64/openssh-server-4.3p1-0.5.20060mlcs4.x86_64.rpm 
 538f84577ba40e5e8694819dac96c9a5  corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 71dac329eac3c804698a1baf0717fc9e  mnf/2.0/i586/openssh-4.3p1-0.4.M20mdk.i586.rpm
 3e795210f939969b244221a716ef9c4b  mnf/2.0/i586/openssh-askpass-4.3p1-0.4.M20mdk.i586.rpm
 c864e4f11bc5ef7b44dbeba9252fdea6  mnf/2.0/i586/openssh-askpass-gnome-4.3p1-0.4.M20mdk.i586.rpm
 2be73ab0fc2e6f4139112107f46f68ae  mnf/2.0/i586/openssh-clients-4.3p1-0.4.M20mdk.i586.rpm
 3f4920bdbff70c3616c897d42524f379  mnf/2.0/i586/openssh-server-4.3p1-0.4.M20mdk.i586.rpm 
 d6dc4b60683bf87868733497ceb2b69c  mnf/2.0/SRPMS/openssh-4.3p1-0.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
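
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison against the "Updated Packages" list can be scripted. This is an added example, not part of the Mandriva advisory; `verify_manifest`, `make_demo` and the demo file names are hypothetical, and the advisory excerpt it runs on is constructed.

```sh
#!/bin/sh
# verify_manifest ADVISORY_FILE PKG_DIR   (hypothetical helper, added example)
# Compares files in PKG_DIR with the "md5  path" lines of a saved advisory.
# Status: 0 = every package found in PKG_DIR matches, 1 = at least one
# mismatch, 2 = no listed package was found (for example, wrong directory).
verify_manifest() {
    local advisory="$1" dir="$2" sum path rest name actual checked=0 bad=0
    while read -r sum path rest || [ -n "$sum" ]; do
        # A manifest line is 32 hex digits, whitespace, a path ending in .rpm
        [ "${#sum}" -eq 32 ] || continue
        case $sum in *[!0-9a-f]*) continue ;; esac
        case $path in *.rpm) ;; *) continue ;; esac
        name=${path##*/}
        # Other architectures are listed too; skip what was not downloaded.
        [ -f "$dir/$name" ] || continue
        checked=$((checked + 1))
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=1
        fi
    done < "$advisory"
    [ "$checked" -gt 0 ] || return 2
    return "$bad"
}

# Constructed demo input: two stand-in files and an advisory excerpt in the
# same layout. Real input is the saved advisory text and the downloaded RPMs.
make_demo() {
    local d
    d=$(mktemp -d)
    printf 'good package\n' > "$d/demo-clients-1.0.i586.rpm"
    printf 'altered\n'      > "$d/demo-server-1.0.i586.rpm"
    {
        echo " Demo Linux 1.0:"
        echo " $(md5sum < "$d/demo-clients-1.0.i586.rpm" | cut -d' ' -f1)  1.0/i586/demo-clients-1.0.i586.rpm"
        echo " 00000000000000000000000000000000  1.0/i586/demo-server-1.0.i586.rpm "
        echo " 11111111111111111111111111111111  1.0/x86_64/demo-clients-1.0.x86_64.rpm"
    } > "$d/advisory.txt"
    echo "$d"
}

demo_dir=$(make_demo)
verify_manifest "$demo_dir/advisory.txt" "$demo_dir" || echo "exit status: $?"
```

A matching MD5 only shows the file is the one the advisory text lists; after importing the Mandriva key, `rpm --checksig <package>` checks the package's GPG signature, which is what ties it to the signer.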
  
 