Detections
Analytics

OpenSSH < 4.2 Multiple Vulnerabilities

low Nessus Plugin ID 19592

Language:

Synopsis

The remote SSH server has multiple vulnerabilities.

Description

According to its banner, the version of OpenSSH installed on the remote host has the following vulnerabilities :

 - X11 forwarding may be enabled unintentionally when multiple forwarding requests are made on the same session, or when an X11 listener is orphaned after a session goes away. (CVE-2005-2797)

 - GSSAPI credentials may be delegated to users who log in using something other than GSSAPI authentication if 'GSSAPIDelegateCredentials' is enabled. (CVE-2005-2798)

 - Attempting to log in as a nonexistent user causes the authentication process to hang, which could be exploited to enumerate valid user accounts.
 Only OpenSSH on Mac OS X 10.4.x is affected.
 (CVE-2006-0393)

 - Repeatedly attempting to log in as a nonexistent user could result in a denial of service.
 Only OpenSSH on Mac OS X 10.4.x is affected.
 (CVE-2006-0393)

Solution

Upgrade to OpenSSH 4.2 or later. For OpenSSH on Mac OS X 10.4.x, apply Mac OS X Security Update 2006-004.

See Also

http://www.openssh.com/txt/release-4.2

https://lists.apple.com/archives/security-announce/2006/Aug/msg00000.html

https://support.apple.com/?artnum=304063

Plugin Details

Severity: Low

ID: 19592

File Name: openssh_42.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 9/7/2005

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 9/1/2005

Vulnerability Publication Date: 9/1/2005

Reference Information

CVE: CVE-2005-2797, CVE-2005-2798, CVE-2006-0393

BID: 14727, 14729, 19289