Detections
Analytics

OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities

medium Nessus Plugin ID 44068

Language:

Synopsis

Remote attackers may be able to infer information about traffic inside an SSH session.

Description

According to its banner, the remote host appears to be running a version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore, reportedly contains weaknesses in its implementation of the SSH protocol, both versions 1 and 2. These weaknesses could allow an attacker to sniff password lengths, and ranges of length (this could make brute-force password guessing easier), determine whether RSA or DSA authentication is being used, the number of authorized_keys in RSA authentication and/or the length of shell commands.

Solution

Upgrade to OpenSSH 2.5.2 / 2.5.2p2 or later.

See Also

https://www.openwall.com/articles/SSH-Traffic-Analysis

http://www.openssh.com/txt/release-2.5.2p2

Plugin Details

Severity: Medium

ID: 44068

File Name: openssh_252.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 10/4/2011

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 3/19/2001

Vulnerability Publication Date: 3/19/2001

Reference Information

CVE: CVE-2001-0361, CVE-2001-0572

BID: 2344, 49473

CWE: 310

CERT: 596827