{"id":950,"date":"2017-03-28T15:37:09","date_gmt":"2017-03-28T20:37:09","guid":{"rendered":"https:\/\/cert.pa\/?p=950"},"modified":"2017-03-28T15:37:09","modified_gmt":"2017-03-28T20:37:09","slug":"csirt-panama-aviso-2017-03-se-libera-openssh-7-5-para-la-correccion-de-vulnerabilidades","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=950","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2017-03- Se libera OpenSSH 7.5 para la correcci\u00f3n de vulnerabilidades"},"content":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2017-03- Se libera OpenSSH 7.5 para la correcci\u00f3n de vulnerabilidades<br \/>\nGravedad: Alta<br \/>\nFecha de publicaci\u00f3n: Marzo 27, 2017<br \/>\nFecha de modificaci\u00f3n: Marzo 27, 2017<br \/>\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.<\/p>\n<p>Sistemas Afectados<br \/>\nOpenSSH versiones 7.3<br \/>\nOpenSSH Portable en sftp-client en Cygwin<\/p>\n<p>I. Descripci\u00f3n<br \/>\nSe libera le nuevo OpenSSH versi\u00f3n 7.5 con la correcci\u00f3n de dos vulnerabilidades que podr\u00eda permitir el descifrado de mensajes en las contramedidas contra ataques de Padding Oracle en CBC (Cifrado por Bloques). Y el crear o modificar archivos en los sistemas afectados por OpenSSH portable y podr\u00eda permitir a un servidor remoto autenticado la escalada de directorios o directorios transversal.<\/p>\n<p>II. Impacto<br \/>\nComplejidad de acceso: Alta<br \/>\nAutenticaci\u00f3n: Requerida<br \/>\nTipo de impacto: Compromiso de datos privados y escalada de privilegios<\/p>\n<p>III. Referencia a soluciones, herramientas e informaci\u00f3n<br \/>\nhttp:\/\/www.openssh.com\/txt\/release-7.5<br \/>\nhttps:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1058&#038;can=1&#038;q=Openssh<\/p>\n<p>IV. Informaci\u00f3n de contacto<br \/>\nCSIRT PANAMA<br \/>\nComputer Security Incident Response Team Autoridad Nacional para la<br \/>\nInnovacion Gubernamental<br \/>\nE-Mail:   info@cert.pa<br \/>\nPhone:    +507 520-CERT (2378)<br \/>\nWeb:      https:\/\/www.cert.pa<br \/>\nTwitter:  @CSIRTPanama<br \/>\nFacebook: http:\/\/www.facebook.com\/CSIRTPanama<br \/>\nKey ID:   16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2017-03- Se libera OpenSSH 7.5 para la correcci\u00f3n de vulnerabilidades Gravedad: Alta Fecha de publicaci\u00f3n: Marzo 27, 2017 Fecha de modificaci\u00f3n: Marzo 27, 2017 \u00daltima revisi\u00f3n: Revisi\u00f3n A. Sistemas Afectados OpenSSH versiones&#8230;<\/p>\n","protected":false},"author":4,"featured_media":951,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-950","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=950"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/950\/revisions"}],"predecessor-version":[{"id":952,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/950\/revisions\/952"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/951"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}