Family: Gain root remotely --> Category: infos
OpenSSH < 3.7.1 Vulnerability Scan
Vulnerability Scan Summary
Checks for the remote SSH version
Detailed Explanation for this Vulnerability Test
You are running a version of OpenSSH which is older than 3.7.1
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
An exploit for this issue is rumored to exist.
Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)
Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
Threat Level: High