7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
CentOS Errata and Security Advisory CESA-2017:0641
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-March/030138.html
Affected packages:
openssh
openssh-askpass
openssh-clients
openssh-ldap
openssh-server
pam_ssh_agent_auth
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:0641
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | openssh | < 5.3p1-122.el6 | openssh-5.3p1-122.el6.i686.rpm |
CentOS | 6 | i686 | openssh-askpass | < 5.3p1-122.el6 | openssh-askpass-5.3p1-122.el6.i686.rpm |
CentOS | 6 | i686 | openssh-clients | < 5.3p1-122.el6 | openssh-clients-5.3p1-122.el6.i686.rpm |
CentOS | 6 | i686 | openssh-ldap | < 5.3p1-122.el6 | openssh-ldap-5.3p1-122.el6.i686.rpm |
CentOS | 6 | i686 | openssh-server | < 5.3p1-122.el6 | openssh-server-5.3p1-122.el6.i686.rpm |
CentOS | 6 | i686 | pam_ssh_agent_auth | < 0.9.3-122.el6 | pam_ssh_agent_auth-0.9.3-122.el6.i686.rpm |
CentOS | 6 | x86_64 | openssh | < 5.3p1-122.el6 | openssh-5.3p1-122.el6.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-askpass | < 5.3p1-122.el6 | openssh-askpass-5.3p1-122.el6.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-clients | < 5.3p1-122.el6 | openssh-clients-5.3p1-122.el6.x86_64.rpm |
CentOS | 6 | x86_64 | openssh-ldap | < 5.3p1-122.el6 | openssh-ldap-5.3p1-122.el6.x86_64.rpm |
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%