OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure

Severity: Low | Nessus Plugin ID: 44075

Synopsis

The remote SSH server is affected by an information disclosure vulnerability.

Description

According to its banner, the remote host is running a version of OpenSSH prior to 4.0. Such versions are affected by an information disclosure vulnerability because the application stores hostnames, IP addresses, and keys in plaintext in the 'known_hosts' file. A local attacker who exploits this flaw could gain access to sensitive information that could be used in subsequent attacks.

Solution

Upgrade to OpenSSH 4.0 or later.

See Also

https://www.openssh.com/txt/release-4.0

http://nms.csail.mit.edu/projects/ssh/

http://www.eweek.com/c/a/Security/Researchers-Reveal-Holes-in-Grid/

Plugin Details

Severity: Low

ID: 44075

File Name: openssh_40.nasl

Version: 1.9

Type: remote

Family: Misc.

Published: 10/4/2011

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Low

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Patch Publication Date: 3/9/2005

Vulnerability Publication Date: 8/23/2005

Reference Information

CVE: CVE-2004-2760, CVE-2005-2666, CVE-2007-4654

CWE: 16, 255, 399