exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.236

Mandriva Linux Security Advisory 2007.236
Posted Dec 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-4752
SHA-256 | b9a5ce7c195cf23dc93bea4b0e8421b2c3846ed1d22327a5e165ead7aa461f41

Mandriva Linux Security Advisory 2007.236

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:236
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssh
Date : December 4, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling
when an untrusted cookie could not be created and used a trusted X11
cookie instead, which could allow attackers to violate intended policy
and gain privileges by causing an X client to be treated as trusted.

The updated packages have been patched to correct these issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
e04c3ab6175b622a65fe1a40fe52693f 2007.0/i586/openssh-4.5p1-0.2mdv2007.0.i586.rpm
79ad72cdd5d02d29e1bc92a84853aa99 2007.0/i586/openssh-askpass-4.5p1-0.2mdv2007.0.i586.rpm
d13252d924785d23495ceaa98c9dcc16 2007.0/i586/openssh-askpass-common-4.5p1-0.2mdv2007.0.i586.rpm
2b21106f61185b6943425afa2d4a6098 2007.0/i586/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.i586.rpm
f36ce6d19951967248807d4acc259350 2007.0/i586/openssh-clients-4.5p1-0.2mdv2007.0.i586.rpm
1a313da3c8131c0510ac7fc175b4ef9f 2007.0/i586/openssh-server-4.5p1-0.2mdv2007.0.i586.rpm
0e57aefb82391e7b1fbe92fb7e8d24d3 2007.0/SRPMS/openssh-4.5p1-0.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
2722de4c5806b442152bf6f229bc4efc 2007.0/x86_64/openssh-4.5p1-0.2mdv2007.0.x86_64.rpm
a89e68e2e0271c02814b1406c1242057 2007.0/x86_64/openssh-askpass-4.5p1-0.2mdv2007.0.x86_64.rpm
d2bc689960ccc27cfb542764fc472d4f 2007.0/x86_64/openssh-askpass-common-4.5p1-0.2mdv2007.0.x86_64.rpm
3c6227baf2de94a774cef12cadc4d183 2007.0/x86_64/openssh-askpass-gnome-4.5p1-0.2mdv2007.0.x86_64.rpm
360f13087ea6f63eaced8eb4fde23185 2007.0/x86_64/openssh-clients-4.5p1-0.2mdv2007.0.x86_64.rpm
67c9ae2c8c25b6475e15c325a929a807 2007.0/x86_64/openssh-server-4.5p1-0.2mdv2007.0.x86_64.rpm
0e57aefb82391e7b1fbe92fb7e8d24d3 2007.0/SRPMS/openssh-4.5p1-0.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
a4dcfec27b0a3b81a749f10e435a0be2 2007.1/i586/openssh-4.6p1-1.1mdv2007.1.i586.rpm
e4a784a3c12a303a6c018c363b207e1c 2007.1/i586/openssh-askpass-4.6p1-1.1mdv2007.1.i586.rpm
972dd1ba1fc63d7ca3e3f7ba3513b81f 2007.1/i586/openssh-askpass-common-4.6p1-1.1mdv2007.1.i586.rpm
bbd0e91b2950e0142d11df0343ce1af9 2007.1/i586/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.i586.rpm
360972495eeea43e15dc46fa4b46fd5c 2007.1/i586/openssh-clients-4.6p1-1.1mdv2007.1.i586.rpm
3859f217f6180403ef0e9c9aee3f6b27 2007.1/i586/openssh-server-4.6p1-1.1mdv2007.1.i586.rpm
fd0d1245e9d80df411acfff848868e83 2007.1/SRPMS/openssh-4.6p1-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
c84ab8276ba205fc49c6fade4eeb4fc0 2007.1/x86_64/openssh-4.6p1-1.1mdv2007.1.x86_64.rpm
564869cbbc4a53eb082a585fba2f91f7 2007.1/x86_64/openssh-askpass-4.6p1-1.1mdv2007.1.x86_64.rpm
fcf1bd1893ebbf6c4d322a064ae73f4e 2007.1/x86_64/openssh-askpass-common-4.6p1-1.1mdv2007.1.x86_64.rpm
ac83b2537b643d415f6077d30902cfe7 2007.1/x86_64/openssh-askpass-gnome-4.6p1-1.1mdv2007.1.x86_64.rpm
479f39a1c7af953f86bcf5d34576a6be 2007.1/x86_64/openssh-clients-4.6p1-1.1mdv2007.1.x86_64.rpm
cafc771d61a4d8a170e071ba789b3a90 2007.1/x86_64/openssh-server-4.6p1-1.1mdv2007.1.x86_64.rpm
fd0d1245e9d80df411acfff848868e83 2007.1/SRPMS/openssh-4.6p1-1.1mdv2007.1.src.rpm

Corporate 3.0:
f23aeae4f1581eb34b894e87dd8316ce corporate/3.0/i586/openssh-4.3p1-0.4.C30mdk.i586.rpm
3f37d58c43b5d6e8a81be5e2c06d5349 corporate/3.0/i586/openssh-askpass-4.3p1-0.4.C30mdk.i586.rpm
a5d683a4b9d6d88b732985eae4976c83 corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.4.C30mdk.i586.rpm
d3bede3976187ca6c9ed3cd853f50444 corporate/3.0/i586/openssh-clients-4.3p1-0.4.C30mdk.i586.rpm
1fc0580c40b91c3d057db44eb56a640f corporate/3.0/i586/openssh-server-4.3p1-0.4.C30mdk.i586.rpm
b352aac12da1f4363f053ad84c21cad8 corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
1eaae01a333d19ecfe0f83aa677fef29 corporate/3.0/x86_64/openssh-4.3p1-0.4.C30mdk.x86_64.rpm
89a6586cd975949b516af7ce7c33db7d corporate/3.0/x86_64/openssh-askpass-4.3p1-0.4.C30mdk.x86_64.rpm
3bd3c05fd5987ce3cb8e6c167291bad9 corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.C30mdk.x86_64.rpm
87f1a7a82d27b4f3dec8c9acadad8e95 corporate/3.0/x86_64/openssh-clients-4.3p1-0.4.C30mdk.x86_64.rpm
2647668c96642eac2d75f7b99ee6cafb corporate/3.0/x86_64/openssh-server-4.3p1-0.4.C30mdk.x86_64.rpm
b352aac12da1f4363f053ad84c21cad8 corporate/3.0/SRPMS/openssh-4.3p1-0.4.C30mdk.src.rpm

Corporate 4.0:
030bbafc87663dede9e8bf21dc0d06fa corporate/4.0/i586/openssh-4.3p1-0.5.20060mlcs4.i586.rpm
4ba7690bee29194a46fbeae5ba0aa0c2 corporate/4.0/i586/openssh-askpass-4.3p1-0.5.20060mlcs4.i586.rpm
a8835f6ae66a77b4f7ed336afe0b8427 corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.i586.rpm
4579a47617a3cb39dfc8c8ce600fad97 corporate/4.0/i586/openssh-clients-4.3p1-0.5.20060mlcs4.i586.rpm
5d4a6f91ad5199aa22e3fd68bc91e1bc corporate/4.0/i586/openssh-server-4.3p1-0.5.20060mlcs4.i586.rpm
538f84577ba40e5e8694819dac96c9a5 corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
64a174d447b1bdd4d208872761c93699 corporate/4.0/x86_64/openssh-4.3p1-0.5.20060mlcs4.x86_64.rpm
a2e0aaa3f19ff1c4cd60eb532604e135 corporate/4.0/x86_64/openssh-askpass-4.3p1-0.5.20060mlcs4.x86_64.rpm
395878603e050cc933b1881cc816e6bd corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.5.20060mlcs4.x86_64.rpm
b91a4ee6303eb5b2fdccd2dbafbf8489 corporate/4.0/x86_64/openssh-clients-4.3p1-0.5.20060mlcs4.x86_64.rpm
b9e82cd190d6a267fabdf2811574ee7e corporate/4.0/x86_64/openssh-server-4.3p1-0.5.20060mlcs4.x86_64.rpm
538f84577ba40e5e8694819dac96c9a5 corporate/4.0/SRPMS/openssh-4.3p1-0.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
71dac329eac3c804698a1baf0717fc9e mnf/2.0/i586/openssh-4.3p1-0.4.M20mdk.i586.rpm
3e795210f939969b244221a716ef9c4b mnf/2.0/i586/openssh-askpass-4.3p1-0.4.M20mdk.i586.rpm
c864e4f11bc5ef7b44dbeba9252fdea6 mnf/2.0/i586/openssh-askpass-gnome-4.3p1-0.4.M20mdk.i586.rpm
2be73ab0fc2e6f4139112107f46f68ae mnf/2.0/i586/openssh-clients-4.3p1-0.4.M20mdk.i586.rpm
3f4920bdbff70c3616c897d42524f379 mnf/2.0/i586/openssh-server-4.3p1-0.4.M20mdk.i586.rpm
d6dc4b60683bf87868733497ceb2b69c mnf/2.0/SRPMS/openssh-4.3p1-0.4.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHVe7/mqjQ0CJFipgRAkuEAJ9py2q4Zyl6ibUECYFtAwyD1SdEQgCeNWQw
kl/z1GUtJ30yBEVaxF9Dp2k=
=mAsp
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close