The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-1 advisory.

    Fabian Bumer, Marcus Brinkmann, Jrg Schwenk discovered that the SSH protocol was vulnerable to a     prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension     negotiation messages could be truncated, possibly leading to certain algorithms and features being     downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate     this issue. (CVE-2023-48795)

    Luci Stanescu discovered that OpenSSH incorrectly added destination constraints when smartcard keys were     added to ssh-agent, contrary to expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
    (CVE-2023-28531)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenSSH vulnerabilities (USN-6560-1)

critical Nessus Plugin ID 187105

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.0

Version 1.3 Sep 18, 2024, 8:52 AM CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:P") Plugin Feed: 202409180852
Version 1.2 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 9.3) CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.1 Dec 22, 2023, 1:07 PM IAVM reference STIG Severity Plugin Feed: 202312221307
Version 1.0 Dec 20, 2023, 12:57 AM New Plugin Feed: 202312200057
Version 1.0 Dec 22, 2023, 10:57 AM IAVM reference STIG Severity (set to "II") Plugin Feed: 202312221057