Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gain root remotely --> Category: infos

OpenSSH < 2.1.1 UseLogin feature Vulnerability Scan


Vulnerability Scan Summary
Checks for the remote OpenSSH version

Detailed Explanation for this Vulnerability Test

You are running a version of OpenSSH which is older than 2.1.1.

If the UseLogin option is enabled, then sshd does not switch to the
uid of the user logging in. Instead, sshd relies on login(1) to do
the job. However, if the user specifies a command for remote
execution, login(1) cannot be used and sshd fails to set the correct
user id, so the command is run with the same privilege as sshd
(usually root rights).

*** Note that Nessus did not acertain whether the UseLogin
*** option was activated or not, so this message may
*** be a false alarm

Solution : Upgrade to OpenSSH 2.1.1 or make sure
that the option UseLogin is set to no in sshd_config

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.