Security question: are these vulnerabilities addressed?
Hello,
The managers of a facility where we house some Debian servers recently
ran a vulnerability scan against our up-to-date Sarge servers, and
reported vulnerabilities in the version of OpenSSH we were running. I
assume that these issues have been fixed or do not apply to Debian's
OpenSSH, but I can't find any information to confirm this.
Can anybody confirm that these are not issues in Debian Sarge?
CVE-2005-2798 OpenSSH GSSAPI Credential Disclosure
CVE-2006-0225 OpenSSH Local SCP Shell Command Execution
They also reported this, which I couldn't really find any information
about:
CVE-2004-0230 TCP Sequence Number Approximation Based Denial of Service
Does anybody know if this is addressed in Sarge, or by the Linux
kernel at all?
Thanks!
---Scott.