Rapid7 Vulnerability & Exploit Database

RHSA-2009:1287: openssh security, bug fix, and enhancement update


Severity: 3
CVSS: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published: 11/19/2008
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This update helps mitigate this attack: OpenSSH clients and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server now reads SSH packets up to their full possible length when corruption is detected, rather than reporting errors early, reducing the possibility of successful plain text recovery. (CVE-2008-5161)

This update also fixes the following bug:

In addition, this update adds the following enhancements:

All OpenSSH users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solution(s)

  • redhat-upgrade-openssh
  • redhat-upgrade-openssh-askpass
  • redhat-upgrade-openssh-clients
  • redhat-upgrade-openssh-server
