SSH CRC-32 Compensation Attack Remote Overflow

Nessus Plugin ID 10607 (Critical)

Synopsis

It is possible to execute arbitrary code on the remote host.

Description

The remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0.

The remote version of this software is vulnerable to a flaw known as a 'CRC-32 compensation attack' that could allow an attacker to gain a root shell on this host.

Solution

Upgrade to version 1.2.32 of SSH, which solves this problem, or to version 2.3.0 of OpenSSH.

Plugin Details

Severity: Critical

ID: 10607

File Name: ssh_crc32.nasl

Version: 1.39

Type: remote

Family: Misc.

Published: 2/9/2001

Updated: 7/30/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/8/2001

Reference Information

CVE: CVE-2001-0144

BID: 2347