
OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability


Published: 2003-06-05
Updated: 2003-06-05
Severity:
Threat level: Other
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:7831

Affected systems
OpenSSH OpenSSH 3.0 p1                                  
OpenSSH OpenSSH 3.0                                      
OpenSSH OpenSSH 3.0.1 p1                                
OpenSSH OpenSSH 3.0.1                                    
OpenSSH OpenSSH 3.0.2 p1                                
   +Guardian Digital Engarde Secure Linux 1.0.1          
OpenSSH OpenSSH 3.0.2                                    
   -Debian Linux 3.0                                    
   +FreeBSD FreeBSD 4.5 -RELEASE                        
   +FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07            
   +OpenPKG OpenPKG 1.0                                  
   +Openwall Openwall GNU/*/Linux 0.1 -stable            
   +S.u.S.E. Linux 8.0                                  
OpenSSH OpenSSH 3.1 p1                                  
   +Slackware Linux 8.1                                  
   +Sun Solaris 9.0                                      
   +Trustix Secure Linux 1.1                            
   +Trustix Secure Linux 1.2                            
   +Trustix Secure Linux 1.5                            
OpenSSH OpenSSH 3.1                                      
OpenSSH OpenSSH 3.2                                      
   +OpenBSD OpenBSD 3.1                                  
OpenSSH OpenSSH 3.2.2 p1                                
   +Apple MacOS X 10.0                                  
   +Apple MacOS X 10.0.1                                
   +Apple MacOS X 10.0.2                                
   +Apple MacOS X 10.0.3                                
   +Apple MacOS X 10.0.4                                
   +Apple MacOS X 10.1                                  
   +Apple MacOS X 10.1                                  
   +Apple MacOS X 10.1.1                                
   +Apple MacOS X 10.1.2                                
   +Apple MacOS X 10.1.3                                
   +Apple MacOS X 10.1.4                                
   +Apple MacOS X 10.1.5                                
OpenSSH OpenSSH 3.2.3 p1                                
OpenSSH OpenSSH 3.3 p1                                  
   +Conectiva Linux 6.0                                  
   +Conectiva Linux 7.0                                  
   +Conectiva Linux 8.0                                  
OpenSSH OpenSSH 3.3                                      
   +Openwall Openwall GNU/*/Linux (Owl)-current          
OpenSSH OpenSSH 3.4 p1                                  
   +Conectiva Linux 6.0                                  
   +Conectiva Linux 7.0                                  
   +Conectiva Linux 8.0                                  
   +FreeBSD FreeBSD 4.7                                  
   +FreeBSD FreeBSD 4.7 -RELEASE                        
   +FreeBSD FreeBSD 5.0                                  
   +Slackware Linux 8.1                                  
OpenSSH OpenSSH 3.4                                      
OpenSSH OpenSSH 3.5                                      
OpenSSH OpenSSH 3.6.1 p2                                
OpenSSH OpenSSH 3.6.1 p1                                
OpenSSH OpenSSH 3.6.1
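Detailed description
OpenSSH's implementation of access control contains a flaw: when a host supplies a numeric IP address when connecting, it may be able to bypass the OpenSSH server's restrictions on where connections may come from.

Solution
The vendor has not yet provided a solution.

Related information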
Mike Harding <mvh@welkyn.com>

OpenSSH remote clent address restriction circumvention
http://archives.neohapsis.com/archives/bugtraq/2003-06/0038.html