Rapid7 Vulnerability & Exploit Database

ELSA-2008-0855 Critical: Enterprise Linux openssh security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2008-0855 Critical: Enterprise Linux openssh security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

09/11/2007

Created

07/25/2018

Added

12/20/2011

Modified

07/04/2017

Description

Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.

Solution(s)

oracle-linux-upgrade-openssh
oracle-linux-upgrade-openssh-askpass
oracle-linux-upgrade-openssh-askpass-gnome
oracle-linux-upgrade-openssh-clients
oracle-linux-upgrade-openssh-server

References

https://attackerkb.com/topics/cve-2007-4752
APPLE-SA-2008-03-18
25628
30794
CVE - 2007-4752
CVE - 2008-3844
DSA-1576
Category II
V0017144
2008-T-0046
OVAL10809
OVAL5599
RHSA-2008:0855
http://oss.oracle.com/pipermail/el-errata/2008-August/000718.html
http://oss.oracle.com/pipermail/el-errata/2008-August/000719.html
36637
44747

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;