Rapid7 Vulnerability & Exploit Database

RHSA-2001:033: Updated openssh packages available

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/22/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated openssh packages are now available for Red Hat Linux 7. These packages reduce the amount of information a passive attacker can deduce from observing an encrypted session.

Weaknesses in the SSH protocols can be used by a passive attacker to deduce information about passwords entered over an encrypted connection. This information can be used to reduce the number of possible solutions which need to be tested to perform a brute-force attack. This reduces the amount of time and resources required to mount such an attack successfully. OpenSSH 2.5.1 and 2.5.2 include modifications which, while not completely resolving this problem, reduce the risks by changing certain server behaviors to make passive analysis more difficult.

Solution(s)

  • redhat-upgrade-openssh
  • redhat-upgrade-openssh-askpass
  • redhat-upgrade-openssh-askpass-gnome
  • redhat-upgrade-openssh-clients
  • redhat-upgrade-openssh-server
