Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to ssh-nonfree, ssh-socks announced via advisory DSA 086-1.
Insight
Insight
We have received reports that the SSH CRC-32 compensation attack detector vulnerability is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not. Though packages in the non-free section of the archive are not officially supported by the Debian project, we are taking the unusal step of releasing updated ssh-nonfree/ssh-socks packages for those users who have not yet migrated to OpenSSH. However, we do recommend that our users migrate to the regularly supported, DFSG-free ssh package as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package available in Debian 2.2r4. The fixed ssh-nonfree/ssh-socks packages are available in version 1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for use with the Debian unstable/testing distribution. Note that the new ssh-nonfree/ssh-socks packages remove the setuid bit from the ssh binary, disabling rhosts-rsa authentication. If you need this functionality, run chmod u+s /usr/bin/ssh1 after installing the new package.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20086-1