Rapid7 Vulnerability & Exploit Database

RHSA-2001:041: Updated openssh packages available

Back to Search

RHSA-2001:041: Updated openssh packages available

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/30/2001
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated openssh packages are now available for Red Hat Linux 7. These packages fix an error in the supplied init script and PAM configuration file.

The init script supplied with a previous openssh update used the daemon() shell function to start the sshd daemon. This function will not start the server if a process of the same name is already executing. As a result, attempts to start the sshd server will always fail if any users are logged in remotely. The PAM configuration file included in the previous update did not include a reference to the pam_limits module, which enforces user resource limits.

Solution(s)

  • redhat-upgrade-openssh
  • redhat-upgrade-openssh-askpass
  • redhat-upgrade-openssh-askpass-gnome
  • redhat-upgrade-openssh-clients
  • redhat-upgrade-openssh-server

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;