Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Misc. --> Category: infos

OpenSSH Reverse DNS Lookup bypass Vulnerability Scan

Vulnerability Scan Summary
Checks for the remote SSH version

Detailed Explanation for this Vulnerability Test

You are running OpenSSH-portable 3.6.1 or older.

There is a flaw in this version which may allow a possible hacker to
bypass the access controls set by the administrator of this server.

OpenSSH features a mechanism which can restrict the list of
hosts a given user can log from by specifying a pattern
in the user key file (ie: * would let a user
connect only from the local network).

However there is a flaw in the way OpenSSH does reverse DNS lookups.
If a possible hacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mechanism.

Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.