OpenSSH Local SCP Shell Command Execution Vulnerability CVE ID: CVE-2006-0225
Red Hat backports security fixes, which may cause a vulnerability scanner to report a false positive. You can verify the version of SSH that SSIM is using with this command:

    rpm -qa | grep -i ssh

Which results in this output:

    openssh-3.9p1-8.RHEL4.17.1
    openssh-server-3.9p1-8.RHEL4.17.1
    openssh-clients-3.9p1-8.RHEL4.17.1

This version of SSH is newer than the version that Red Hat backported the security fixes to. For each of the reported issues:

OpenSSH Signal Handling Vulnerability
CVE ID: CVE-2006-5051, CVE-2006-4924
Backported to: openssh-3.9p1-8.RHEL4.17

OpenSSH GSSAPI Credential Disclosure Vulnerability
CVE ID: CVE-2005-2798
Backported to: openssh-3.9p1-8.RHEL4.9

OpenSSH Local SCP Shell Command Execution Vulnerability
CVE ID: CVE-2006-0225
We were not able to locate Red Hat documentation for this issue. The issue can be verified by using these steps:

    mkdir anydir
    touch foo\ bar
    scp foo\ bar anydir

If you do not receive an error, then you are running with code that fixes this vulnerability.
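The version comparison above can be scripted so that a scanner finding is triaged against the backport releases instead of the upstream version number. The following is an added example, not part of the original article or of any Red Hat or Symantec tooling; the function names are hypothetical and the field-by-field ordering is a simplification of RPM's own comparison. CVE-2006-0225 is not in the table because the article gives no backport release for it.

```shell
#!/bin/sh
# Added example: is the installed openssh version-release at or past the
# backport releases listed in the article?

# vr_ge A B: succeed if version-release A >= B.
# Assumption: simplified ordering, not full rpmvercmp. Fields are split on
# '.' and '-'; all-digit fields compare as integers, others as strings.
vr_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%[.-]*}; fb=${b%%[.-]*}
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        [ "$fa" = "$fb" ] && continue
        # The side that runs out of fields first is the older one.
        if [ -z "$fa" ]; then return 1; fi
        if [ -z "$fb" ]; then return 0; fi
        case $fa$fb in
            *[!0-9]*) if expr "x$fa" \> "x$fb" >/dev/null; then return 0; fi
                      return 1 ;;
            *)        [ "$fa" -gt "$fb" ] && return 0
                      [ "$fa" -lt "$fb" ] && return 1 ;;
        esac
    done
    return 0   # every field equal
}

# Backport releases exactly as listed in the article (package: openssh).
FIXES='CVE-2006-5051 3.9p1-8.RHEL4.17
CVE-2006-4924 3.9p1-8.RHEL4.17
CVE-2005-2798 3.9p1-8.RHEL4.9'

# backport_status VR: print one line per CVE; fail if VR is below any fix.
backport_status() {
    missing=0
    while read -r cve fixed; do
        if vr_ge "$1" "$fixed"; then echo "$cve ok: $1 >= $fixed"
        else echo "$cve BELOW: $1 < $fixed"; missing=1; fi
    done <<EOF
$FIXES
EOF
    return "$missing"
}

# Sample input: the openssh package line from the article's rpm output.
pkg='openssh-3.9p1-8.RHEL4.17.1'
backport_status "${pkg#openssh-}"
```

On a live system the argument can be taken from `rpm -q --qf '%{VERSION}-%{RELEASE}' openssh` instead of the embedded sample line.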
Imported Document ID: TECH86000