Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565

abhi dhiman abhi.dhiman83 at gmail.com
Wed Mar 16 00:54:09 AEDT 2016


Thanks a lot guys for the pointers.

Regards
Abhishek
On 14-Mar-2016 11:30 pm, "Philip Hands" <phil at hands.com> wrote:

> abhi dhiman <abhi.dhiman83 at gmail.com> writes:
>
> > Hi All,
> >
> > Actually I am working with the OpenSSH version 6.2p which is vulnerable to
> > above mentioned vulnerabilities.
>
> Are you sure?
>
> I was going to suggest that you take a look at Debian's packages, such
> as the 6.0p1 package from "wheezy", but looking at the changelog, I only
> see mention of CVE-2008-1483:
>
>
> http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.0p1-4+deb7u3_changelog
>
> Likewise for 6.6p1:
>
>
> http://metadata.ftp-master.debian.org/changelogs/main/o/openssh/openssh_6.6p1-4~bpo70+1_changelog
>
> Note that CVE-2008-1483 was fixed in Debian's 4.7p1-5 package, on 22 Mar
> 2008, so I'm wondering who would have supplied a vulnerable version of
> 6.2p (released in 2012).
>
> It looks to me as though it was fixed in 4.9, so I'm very doubtful
> about the assertion that 6.2 is vulnerable.
>
> As for CVE-2015-6565, this:
>
>   https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6565
>
> claims that versions 6.8 and 6.9 are vulnerable, so again not 6.2.
>
> I'll leave you to look at the other two.
>
> Cheers, Phil.
> --
> |)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
> |-|  http://www.hands.com/    http://ftp.uk.debian.org/
> |(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
>


More information about the openssh-unix-dev mailing list