Detections
Analytics

OracleVM 3.2 : openssh (OVMSA-2016-0030)

medium Nessus Plugin ID 89020

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - change default value of MaxStartups - CVE-2010-5107 (John Haxby)

- improve RNG seeding from /dev/random (#681291,#708056)

 - make ssh(1)'s ConnectTimeout option apply to both the TCP connection and SSH banner exchange (#750725)

 - use IPV6_V6ONLY for sshd inet6 listening socket (#640857)

 - add LANGUAGE to the sent/accepted evvironment (#710229)

 - ssh-copy-id copies now id_rsa.pub by default (#731930)

 - repairs man pages (#731925)

 - set cloexec on accept socket (#642935)

 - add umask to sftp (#720598)

 - enable lastolg for big uids (#706315)

 - enable selinux domain transition to passwd_t (#689406)

 - enable pubkey auth in the fips mode (#674747)

 - improve resseding the prng from /dev/urandom or /dev/random respectively (#681291)

 - periodically ressed the prng from /dev/urandom or /dev/random respectively (#681291)

 - change cipher preferences (#661716)

 - change cipher preferences (#661716)

 - enable to run sshd as non root user (#661669)

 - reenable rekeying (#659242)

 - add nss keys to key audit patch (#632402)

 - key audit patch (#632402)

 - supply forced command documentation (#532559)

 - compile in the OpenSSL engine support

 - record lastlog with big uid (#616396)

 - add OpenSSL engine support (#594815)

 - backport forced command directive (#532559)

 - stderr does not more disturb sftp (#576765)

Solution

Update the affected openssh / openssh-clients / openssh-server packages.

See Also

http://www.nessus.org/u?41282881

Plugin Details

Severity: Medium

ID: 89020

File Name: oraclevm_OVMSA-2016-0030.nasl

Version: 2.5

Type: local

Published: 2/29/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:openssh, p-cpe:/a:oracle:vm:openssh-clients, p-cpe:/a:oracle:vm:openssh-server, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/24/2016

Vulnerability Publication Date: 3/7/2013

Reference Information

CVE: CVE-2010-5107

BID: 58162