PT-2006-7580 · Openssh+3

Josh Bressers · Published 1970-01-01 · Updated 2024-07-08 · CVE-2006-0225

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 4.2p1
OpenSSH version 3.1p1

Description

The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, allowing attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces. The vulnerability may lead to disruption of service and unauthorized access to sensitive data.

Recommendations

For OpenSSH version 3.1p1, consider upgrading to a version later than 4.2p1 to resolve the issue. For OpenSSH versions prior to 4.2p1, upgrade to version 4.2p1 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the scp command until a patch is available. Avoid using filenames that contain shell metacharacters or spaces in the affected scp command until the issue is resolved.

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-04226
BDU:2015-04227
BDU:2015-06465
BDU:2015-06467
BDU:2015-06469
BDU:2015-06471
BDU:2015-06473
BDU:2015-09497
CVE-2006-0225
HPSBUX02178
OPENSUSE-SU-2024:11124-1
RHSA-2006:0044
RHSA-2006:0298
RHSA-2006:0698
RHSA-2006_0044

Affected Products

Alt Linux
Hp-Ux
Openssh
Red Hat