|
|
Family: Misc. --> Category: infos
OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks version number of OpenSSH
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SSH server is affected by multiple vulnerabilities.
Description :
According to its banner, the version of OpenSSH installed on the
remote host contains a race condition that may allow an
unauthenticated remote attacker to crash the service or, on portable
OpenSSH, possibly execute code on the affected host. In addition,
another flaw exists that may allow a possible hacker to acertain the
validity of usernames on some platforms.
Note that successful exploitation of these issues requires that GSSAPI
authentication be enabled.
See also :
http://www.openssh.com/txt/release-4.4
Solution :
Upgrade to OpenSSH 4.4 or later.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
