
Security question: are these vulnerabilities addressed?



Hello,

The managers of a facility where we house some Debian servers recently
ran a vulnerability scan against our up-to-date Sarge servers, and
reported vulnerabilities in the version of OpenSSH we were running.  I
assume that these issues have been fixed or do not apply to Debian's
OpenSSH, but I can't find any information to confirm this.

Can anybody confirm that these are not issues in Debian Sarge?

    CVE-2005-2798    OpenSSH GSSAPI Credential Disclosure
    CVE-2006-0225    OpenSSH Local SCP Shell Command Execution

They also reported this, which I couldn't really find any information
about:

    CVE-2004-0230    TCP Sequence Number Approximation Based Denial of Service 

Does anybody know if this is addressed in Sarge, or by the Linux
kernel at all?

Thanks!

---Scott.


