HP Secure Shell Discloses User Account Names to Remote Users
|
|
SecurityTracker Alert ID: 1018065 |
|
SecurityTracker URL: http://securitytracker.com/id/1018065
|
|
CVE Reference:
CVE-2007-2791
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: May 16 2007
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in HP Secure Shell on Tru64 UNIX. A remote user can determine valid user accounts on the target system.
A remote user can identify valid users.
HP credits Andrea Purificato with reporting this vulnerability.
|
Impact:
A remote user can determine valid users accounts on the target system.
|
Solution:
The vendor has issued the following Early Release Patch kits.
HP Tru64 UNIX Version v5.1B-4
Prerequisite: HP Tru64 UNIX v5.1B-4 PK6 (BL27)
Kit Name: T64KIT1001208-V51BB26-ES-20070427
Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001208-V51BB26-ES-20070427
HP Tru64 UNIX Version v5.1B-3
Prerequisite: HP Tru64 UNIX v5.1B-3 PK5 (BL26)
Kit Name: T64KIT1001205-V51BB27-ES-20070427
Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001205-V51BB27-ES-20070427
The HP advisory is available at:
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01007552-1
|
Vendor URL: www2.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01007552-1 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (Tru64)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 15 May 2007 22:59:56 -0400
Subject: HPSBTU02209 SSRT071323 rev.1 - HP Tru64 UNIX Running Secure Shell (SSH), Remote Unauthorized Identification of Valid Users
|
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01007552-1
|
|
