Boletines de Vulnerabilidades

int(999)

Boletines de Vulnerabilidades

Vulnerabilidad de directorio transversal en el cliente scp OpenSSH
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Ocultacion del rastro
Dificultad	Avanzado
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio exotico
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	Networking
Software afectado	OpenSSH scp Juniper Networks NetScreen IDP 3.0r2
Descripción
Se ha descubierto una vulnerabilidad de directorio transversal en la versión 3.0r2 y anteriores de todos los productos Juniper Networks NetScreen IDP. La vulnerabilidad reside en el cliente scp OpenSSH. La explotación de esta vulnerabilidad podría permitir a un servidor ssh malicioso sobrescribir archivos en el sistema de archivos del IDP si un usuario inicia una copia scp desde el servidor malicioso hasta el IDP y se dan las siguientes condiciones: - El usuario debe tener permisos de escritura en el archivo a sobrescribir por el servidor malicioso. - El usuario debe ejecutar el cliente scp desde el IDP e iniciar una copia scp desde el servidor malicioso. - La conexión al servidor ssh malicioso debe realizarse desde el IDP. - Una verificación de la "key fingerprint" del servidor ssh revelaría un intento de "spoofear" un servidor ssh legítimo.
Solución
Actualización de software Juniper Networks NetScreen openssh-3.1p1-14.idp2.i386.rpm openssh-client-3.1p1-14.idp2.i386.rpm openssh-server-3.1p1-14.idp2.i386.rpm http://www.juniper.net/support/ Red Hat Linux (rsh, openssh) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 3) https://rhn.redhat.com/ Red Hat Linux (openssh) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ Red Hat Linux (rsh) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat Linux (rsh) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ Mandriva Linux Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/rsh-0.17-13.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/rsh-server-0.17-13.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/rsh-0.17-13.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/rsh-server-0.17-13.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/rsh-0.17-13.1.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/rsh-0.17-13.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/rsh-server-0.17-13.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/rsh-0.17-13.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/rsh-server-0.17-13.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/rsh-0.17-13.1.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm 86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/rsh-0.17-9.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/rsh-server-0.17-9.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/rsh-0.17-9.1.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/rsh-0.17-13.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/rsh-server-0.17-13.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/rsh-0.17-13.1.C30mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/rsh-0.17-13.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/rsh-server-0.17-13.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/rsh-0.17-13.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/rsh-server-0.17-13.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/rsh-0.17-13.1.102mdk.src.rpm Red Hat Linux (krb5) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 Itanium Processor https://rhn.redhat.com/ Mandriva Linux (krb5) Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ftp-client-krb5-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ftp-server-krb5-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/krb5-server-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/krb5-workstation-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkrb51-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/libkrb51-devel-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/telnet-client-krb5-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/telnet-server-krb5-1.3-6.6.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/krb5-1.3-6.6.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ftp-client-krb5-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ftp-server-krb5-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/krb5-server-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/krb5-workstation-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64krb51-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/lib64krb51-devel-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/telnet-client-krb5-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/telnet-server-krb5-1.3-6.6.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/krb5-1.3-6.6.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ftp-client-krb5-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ftp-server-krb5-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/krb5-server-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/krb5-workstation-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkrb53-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libkrb53-devel-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/telnet-client-krb5-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/telnet-server-krb5-1.3.4-2.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/krb5-1.3.4-2.3.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ftp-client-krb5-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ftp-server-krb5-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/krb5-server-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/krb5-workstation-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64krb53-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64krb53-devel-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/telnet-client-krb5-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/telnet-server-krb5-1.3.4-2.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/krb5-1.3.4-2.3.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/krb5-devel-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/krb5-libs-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/krb5-server-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.10.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/krb5-1.2.5-1.10.C21mdk.src.rpm x86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.10.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.10.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/krb5-server-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/krb5-workstation-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libkrb51-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libkrb51-devel-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.6.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/krb5-1.3-6.6.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.6.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/krb5-1.3-6.6.C30mdk.src.rpm Multi Network Firewall 2.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libkrb51-1.3-6.6.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/krb5-1.3-6.6.M20mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/ftp-client-krb5-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/ftp-server-krb5-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/krb5-server-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/krb5-workstation-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libkrb53-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libkrb53-devel-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/telnet-client-krb5-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/telnet-server-krb5-1.3.6-6.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/krb5-1.3.6-6.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/ftp-client-krb5-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/ftp-server-krb5-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/krb5-server-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/krb5-workstation-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64krb53-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64krb53-devel-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/telnet-client-krb5-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/telnet-server-krb5-1.3.6-6.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/krb5-1.3.6-6.1.102mdk.src.rpm SGI Advanced Linux Environment 3 / RPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS SCO OpenServer 5.0.6 ftp://ftp.sco.com/pub/openserver5/opensrc/openssh-4.2p1/openssh42p1_vol.tar OpenServer 5.0.7 ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4_vol.tar
Identificadores estándar
Propiedad	Valor
CVE	CAN-2004-0175
BID
Recursos adicionales
Juniper Networks NetScreen Advisory 59739 http://www.juniper.net/support/security/alerts/adv59739.txt Red Hat Security Advisory RHSA-2005:074-10 https://rhn.redhat.com/errata/RHSA-2005-074.html Red Hat Security Advisory RHSA-2005:106-04 https://rhn.redhat.com/errata/RHSA-2005-106.html Red Hat Security Advisory RHSA-2005:481-03 https://rhn.redhat.com/errata/RHSA-2005-481.html Red Hat Security Advisory RHSA-2005:165-03 https://rhn.redhat.com/errata/RHSA-2005-165.html Red Hat Security Advisory RHSA-2005:495-02 https://rhn.redhat.com/errata/RHSA-2005-495.html Mandriva Security Advisories MDKSA-2005:100 http://www.mandriva.com/security/advisories?name=MDKSA-2005:100 Red Hat Security Advisory RHSA-2005:567-08 https://rhn.redhat.com/errata/RHSA-2005-567.html Red Hat Security Advisory RHSA-2005:562-10 https://rhn.redhat.com/errata/RHSA-2005-562.html Mandriva Security Advisories MDKSA-2005:119 http://www.mandriva.com/security/advisories?name=MDKSA-2005:119 SGI Security Advisory (20051002-01-U) ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc SCO Security Advisory (SCOSA-2006.11) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2004-09-06
1.1	CAN añadido	2004-11-03
1.2	Avisos emitidos por Red Hat (RHSA-2005:074-10, RHSA-2005:106-04)	2005-05-19
1.3	Aviso emitido por Red Hat (RHSA-2005:481-03)	2005-06-03
1.4	Aviso emitido por Red Hat (RHSA-2005:495-02)	2005-06-14
1.5	Aviso emitido por Mandriva (MDKSA-2005:100)	2005-06-15
1.6	Avisos emitidos por Red Hat (RHSA-2005:567-08, RHSA-2005:562-10)	2005-07-13
1.7	Aviso emitido por Mandriva (MDKSA-2005:119)	2005-07-14
1.8	Aviso emitido por SGI (20051002-01-U)	2005-10-21
1.9	Aviso emitido por SCO (SCOSA-2006.11)	2006-03-16

Boletines de Vulnerabilidades

Vulnerabilidad de directorio transversal en el cliente scp OpenSSH

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones