Oval Definition:	oval:org.mitre.oval:tst:32453
Comment: openssh-server is earlier than 0:3.6.1p2-33.30.9 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14544 State: oval:org.mitre.oval:ste:10067 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9894 V OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. 2013-04-29 oval:org.mitre.oval:def:9962 V scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. 2013-04-29
BACK