Detections
Analytics
OpenSSH < 5.7 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 6300
Synopsis
The remote SSH service may be affected by multiple vulnerabilities.Description
Versions of OpenSSH server before 5.7 may be affected by the following vulnerabilities :- A security bypass vulnerability because OpenSSH does not properly validate the public parameters in the J-PAKE protocol. This could allow an attacker to authenticate without the shared secret. Note that this issue is only exploitable when OpenSSH is built with J-PAKE support, which is currently experimental and disabled by default. (CVE-2010-4478)
- The auth_parse options function in auth-options.c in sshd provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages. (CVE-2012-0841)
Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.
Solution
Upgrade to OpenSSH version 5.7 or later.See Also
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5
Plugin Details
Severity: Medium
ID: 6300
Family: SSH
Published: 2/1/2012
Updated: 3/6/2019
Nessus ID: 44081
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:openbsd:openssh
Patch Publication Date: 9/12/2010
Vulnerability Publication Date: 9/12/2010
Reference Information
CVE: CVE-2010-4478, CVE-2012-0814