SSH Multiple Remote Vulnerabilities

medium Nessus Plugin ID 11195

Synopsis

It may be possible to crash the SSH server on the remote host.

Description

According to its banner, the remote SSH server is affected by one or more of the following vulnerabilities:

- CVE-2002-1357 (incorrect length)

- CVE-2002-1358 (lists with empty elements/empty strings)

- CVE-2002-1359 (large packets and large fields)

- CVE-2002-1360 (string fields with zeros)

The impact of successful exploitation of these vulnerabilities varies across products. In some cases, remote attackers will be able to execute arbitrary code with the privileges of the SSH process (usually root), although for the products currently tested, the maximum impact is believed to be just a denial of service.

Solution

Contact the vendor for an update.

See Also

http://www.rapid7.com/advisories/R7-0009.txt

https://seclists.org/vulnwatch/2002/q4/88

Plugin Details

Severity: Medium

ID: 11195

File Name: ssh_multivulns_16122002.nasl

Version: 1.27

Type: remote

Family: Misc.

Published: 12/20/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/16/2002

Exploitable With

Metasploit (PuTTY Buffer Overflow)

Reference Information

CVE: CVE-2002-1357, CVE-2002-1358, CVE-2002-1359, CVE-2002-1360

CWE: 119, 20

CERT-CC: CA-2002-36