Detections
Analytics
SSH RSAREF Library Multiple Overflows (deprecated)
high Nessus Network Monitor Plugin ID 1972
Synopsis
The remote host is vulnerable to a buffer overflow.Description
The remote host is running a version of SSH which is older (or as old as) 1.2.27. If this version was compiled against the RSAREF library (which can not be determined remotely), then it is very likely to be vulnerable to a buffer overflow that may allow an attacker to obtain a root shell on this host. To determine if SSH has been compiled against the RSAREF library, log into the remote host and type 'ssh -V'Solution
Upgrade to SSH 2.x or do not use the RSAREF library.See Also
http://archives.neohapsis.com/archives/bugtraq/1999-q4/0169.html
Plugin Details
Severity: High
ID: 1972
Family: SSH
Published: 8/20/2004
Updated: 3/6/2019
Nessus ID: 10269
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 7.4
Temporal Score: 7.2
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Reference Information
CVE: CVE-1999-0834
BID: 843