Author: jmm-guest Date: 2006-10-01 10:21:06 +0000 (Sun, 01 Oct 2006) New Revision: 4790 Modified: data/CVE/list Log: my analysis of the latest openssh issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-01 09:14:24 UTC (rev 4789) +++ data/CVE/list 2006-10-01 10:21:06 UTC (rev 4790) @@ -41,7 +41,10 @@ CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...) TODO: check CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...) - TODO: check + - openssh <unfixed> (unimportant) + - openssh-krb5 <unfixed> (high) + NOTE: From my analysis only openssh with Kerberos support should be vulnerable + NOTE: However, we''ll fix openssh as well just to make sure CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...) TODO: check CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...) @@ -296,10 +299,15 @@ TODO: check CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) TODO: check -CVE-2006-4925 +CVE-2006-4925 [openssh GSSAPI information leak) RESERVED + - openssh <unfixed> (low) + - openssh-krb5 <unfixed> (low) + [sarge] - openssh <not-affected> + [sarge] - openssh-krb5 <not-affected> CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) - openssh <unfixed> (low; bug #389995) + - openssh-krb5 <unfixed> (low) CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) NOT-FOR-US: eSyndiCat Portal System CVE-2006-4922 (Unrestricted file upload vulnerability in ...)