Lucene search
Tenable4632.PRMHistoryAug 20, 2008 - 12:00 a.m.
Attachmate Reflection for Secure IT UNIX Server < 7.0 SP1 Multiple Vulnerabilities
2008-08-2000:00:00
Tenable
www.tenable.com
24
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.146
Percentile
95.9%
The version of Attachmate Reflection for Secure IT UNIX Server installed on the remote host is lower than 7.0 SP1 and thus reportedly affected by several issues :
- There is an inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a denial of service vulnerability (CVE-2006-2937).
- There is an inherited vulnerability in OpenSSL when parsing parasitic public keys leading to a denial of service vulnerability (CVE-2006-2940).
- There is an inherited vulnerability in OpenSSL when performing Montgomery multiplication, leading to a side-channel attack vulnerability (CVE-2007-3108).
- There is an inherited vulnerability in OpenSSH with the execution of the ~/.ssh2/rc session file (CVE-2008-1657).
- There is an issue with the security of forwarded X11 connections, leading to possible hijacking. (CVE-2008-1483)
- There are multiple unspecified other vulnerabilities.
Binary data 4632.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| attachmate | reflection | cpe:/a:attachmate:reflection |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6021
support.attachmate.com/techdocs/2374.html#Security_Updates_in_7.0_SP1
Related
nessus
nessus
Attachmate Reflection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities
2008-08-20 00:00:00
openSUSE 10 Security Update : openssh (openssh-5149)
2008-04-11 00:00:00
AIX OpenSSH Advisory : ssh_advisory.asc
2014-04-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200804-03 (openssh)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200804-03 (openssh)
2008-09-24 00:00:00
Solaris Update for Kernel 122301-42
2009-09-23 00:00:00
gentoo
gentoo
OpenSSH: Privilege escalation
2008-04-05 00:00:00
AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
2006-12-11 00:00:00
OpenSSL: Multiple vulnerabilities
2006-10-24 00:00:00
ubuntu
ubuntu
openssl vulnerabilities
2006-09-29 00:00:00
OpenSSH vulnerability
2008-04-01 00:00:00
OpenSSL vulnerability
2006-10-05 00:00:00
slackware
slackware
[slackware-security] openssl
2006-09-29 07:57:13
[slackware-security] openssh
2008-04-04 20:06:28
centos
centos
openssl, openssl096b security update
2006-09-29 03:35:21
openssl, openssl095a, openssl096 security update
2006-10-02 01:43:05
debian
debian
[SECURITY] [DSA 1185-1] New openssl packages fix denial of service
2006-09-28 17:28:09
[SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution
2006-10-02 19:33:19
redhat
redhat
(RHSA-2006:0695) openssl security update
2006-09-28 00:00:00
suse
suse
remote denial of service in openssl
2006-09-28 16:40:53
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt5
2006-09-27 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt5
2006-09-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt5
2006-09-27 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:23.openssl
2006-09-28 00:00:00
FreeBSD-SA-08:05.openssh
2008-04-17 00:00:00
osv
osv
openssl
2006-09-28 00:00:00
f5
f5
SOL6734 - Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
2007-05-16 00:00:00
K6734 : Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
2013-03-27 00:00:00
SOL15086 - OpenSSH vulnerability CVE-2008-1657
2014-03-18 00:00:00
nvd
nvd
cve
cve
debiancve
debiancve
prion
prion
Session fixation
2008-04-02 18:44:00
Design/Logic Flaw
2008-03-24 23:44:00
Design/Logic Flaw
2007-08-08 01:17:00
ubuntucve
ubuntucve
cvelist
cvelist
securityvulns
securityvulns
rPSA-2007-0155-1 openssl openssl-scripts
2007-08-13 00:00:00
rPSA-2008-0120-1 gnome-ssh-askpass openssh openssh-client openssh-server
2008-03-25 00:00:00
OpenSSH privilege escalation
2008-03-25 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2006-2937
2006-09-28 00:00:00
Vulnerability in OpenSSL CVE-2006-2940
2006-09-28 00:00:00
cert
cert
OpenSSL may fail to properly parse invalid ASN.1 structures
2006-09-28 00:00:00
RSA key reconstruction vulnerability
2007-08-01 00:00:00
oraclelinux
oraclelinux
Important openssl security update
2006-11-30 00:00:00
seebug
seebug
OpenSSH X连接会话劫持漏洞
2008-04-18 00:00:00
OpenSSL本地密钥信息泄露漏洞
2007-08-03 00:00:00
checkpoint_security
checkpoint_security
Check Point response to OpenSSL vulnerability CVE-2007-3108
2007-10-16 22:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-14.fc6
2007-08-13 21:49:38
[SECURITY] Fedora 7 Update: openssl-0.9.8b-14.fc7
2007-08-06 17:57:54
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.146
Percentile
95.9%
Related for 4632.PRM