Gentoo Security Advisory GLSA 200703-13 (net-misc/ssh) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200703-13.

Solution

This package is currently masked, there is no upgrade path for the 3.2.x version, and a license must be purchased in order to update to a non-vulnerable version. Because of this, we recommend unmerging this package: # emerge --ask --verbose --unmerge net-misc/ssh http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200703-13 http://bugs.gentoo.org/show_bug.cgi?id=168584

Insight

The SSH Secure Shell Server SFTP function is vulnerable to privilege escalation.

Severity

Classification

CVE CVE-2006-0705

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-29 (FreeRADIUS)
Gentoo Security Advisory GLSA 200410-07 (ed)
Gentoo Security Advisory GLSA 200408-09 (Roundup)
Gentoo Security Advisory GLSA 200411-25 (SquirrelMail)
Gentoo Security Advisory GLSA 200501-45 (gallery)

Take action and discover your vulnerabilities