OpenSSH Logic Error Lets Remote Authenticated Users Bypass PermitRootLogin Security Restrictions on the Target System : 8/25/2015 1:47:50 AM

Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >>
From our sponsors
 

 

Vulnerability Databse
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

OpenSSH Logic Error Lets Remote Authenticated Users Bypass PermitRootLogin Security Restrictions on the Target System
8/25/2015 12:00:00 AM

OpenSSH Logic Error Lets Remote Authenticated Users Bypass PermitRootLogin Security Restrictions on the Target System
SecurityTracker Alert ID:  1033361
SecurityTracker URL:  http://securitytracker.com/id/1033361
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 24 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.0
Description:   A vulnerability was reported in OpenSSH. A remote authenticated user can bypass security restrictions.

A remote authenticated root user can bypass the 'PermitRootLogin=prohibit-password' security control and login to the target system via SSH.

The 'PermitRootLogin=without-password' directive is also affected.

Mantas Mikulenas reported this vulnerability.

Impact:   A remote authenticated root user can bypass certain PermitRootLogin security restrictions and login to the target system.
Solution:   The vendor has issued a fix (7.1).

The vendor's advisory is available at:

http://www.openssh.com/txt/release-7.1

Vendor URL:  www.openssh.com/txt/release-7.1 (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.