AIX OpenSSH Advisory : ssh_advisory.asc

medium Nessus Plugin ID 73565

Synopsis

The remote AIX host is running a vulnerable version of OpenSSH.

Description

The version of OpenSSH running on the remote host is affected by the following vulnerabilities :

- OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. (CVE-2008-1483)

- OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. (CVE-2008-1657)

Solution

A fix is available and can be downloaded from the OpenSSH sourceforge website for the AIX release.

See Also

https://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

https://sourceforge.net/projects/openssh-aix/files/

Plugin Details

Severity: Medium

ID: 73565

File Name: aix_ssh_advisory.nasl

Version: 1.13

Type: local

Published: 4/16/2014

Updated: 4/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:ibm:aix

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/21/2008

Vulnerability Publication Date: 1/29/2008

Reference Information

CVE: CVE-2008-1483, CVE-2008-1657

BID: 28444, 28531

CWE: 264