OpenPKG Security Advisory
OpenPKG-SA-2006.003
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2006.003
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.003
Advisory Published: 2010-02-09 20:12 UTC
Issue Id (internal): OpenPKG-SI-20060218.03
Issue First Created: 2006-02-18
Issue Last Modified: 2006-12-07
Issue Revision: 06
Subject Name: OpenSSH
Subject Summary: Secure Shell (SSH)
Subject Home: http://www.openssh.com/
Subject Versions: * <= 4.2p1
Vulnerability Id: CVE-2006-0225
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: local system
Attack Impact: arbitrary code execution
Description:
Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1
and earlier, caused by the insecure use of the system(3) function
in scp(1) when performing copy operations using filenames that are
supplied by the user on the command line. This can be exploited to
execute shell commands with the privileges of the user running scp(1).
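
Added example (not part of the original advisory and not OpenSSH source code): the system(3) pattern described above next to a fork/exec form that passes each filename as a single argument. The function names, the use of cp(1) and the sample filename are assumptions constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* "Before" pattern: the name is pasted into a string that /bin/sh parses,
 * so spaces, ';', '`' and '$' in it are shell syntax, not filename bytes. */
static int copy_via_system(const char *src, const char *dst) {
    char cmd[1024];
    if (snprintf(cmd, sizeof cmd, "cp %s %s", src, dst) >= (int)sizeof cmd)
        return -1;
    return system(cmd) == 0 ? 0 : -1;
}

/* Hardened pattern: no shell; each name is exactly one argv[] element and
 * "--" stops a leading '-' from being read as an option. */
static int copy_via_exec(const char *src, const char *dst) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Constructed input: a file whose name contains a space and a ';'.
 * Returns 1 if the copy exists afterwards, 0 if not, -1 on setup error. */
static int demo(int use_exec) {
    char dir[] = "/tmp/scpdemoXXXXXX", src[256], dst[256];
    struct stat st;
    FILE *f;
    int copied;
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/notes v1;draft.txt", dir);
    snprintf(dst, sizeof dst, "%s/copy.txt", dir);
    if (!(f = fopen(src, "w"))) return -1;
    fputs("data\n", f);
    fclose(f);
    (void)(use_exec ? copy_via_exec(src, dst) : copy_via_system(src, dst));
    copied = stat(dst, &st) == 0;
    unlink(dst); unlink(src); rmdir(dir);
    return copied;
}

int main(void) { printf("system: %d exec: %d\n", demo(0), demo(1)); return 0; }
```

With the system(3) form the shell splits the name at the space and treats the text after ';' as a second command, so no copy is produced; the exec form copies the file under its literal name.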
References:
[0] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168167
[1] http://www.openssh.com/
Primary Package Name: openssh
Primary Package Home: http://openpkg.org/go/package/openssh
Affected Distribution:   Affected Branch:   Affected Package:
OpenPKG Community        2.3-SOLID          openssh-3.9p1-2.3.0
OpenPKG Community        2.4-SOLID          openssh-4.1p1-2.4.1
OpenPKG Community        2.5-SOLID          openssh-4.2p1-2.5.1
OpenPKG Community        CURRENT            openssh-4.2p1-20060101

Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        2.3-SOLID          openssh-3.9p1-2.3.1
OpenPKG Community        2.4-SOLID          openssh-4.1p1-2.4.2
OpenPKG Community        2.5-SOLID          openssh-4.2p1-2.5.2
OpenPKG Community        CURRENT            openssh-4.3p1-20060201