RHSA-2013:0519: openssh security, bug fix and enhancement update

Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: February 21, 2013
Added: February 21, 2013
Modified: July 04, 2017

Description

OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server.

Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code. (CVE-2012-5536)

Note that the pam_ssh_agent_auth module is not used in Red Hat Enterprise Linux 6 by default.

This update also fixes the following bugs:

This update also adds the following enhancements:

All users of openssh are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solution

redhat-upgrade-openssh
