Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN34-1 : openssh information leakage Vulnerability Scan

Vulnerability Scan Summary
openssh information leakage

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- openssh-client
- openssh-server
- ssh
- ssh-askpass-gnome

Description : Two information leaks were discovered in the OpenSSH
server. When using password authentication, an attacker could
test whether a login name exists by measuring the time between
failed login attempts, i.e. the time after which the "password:"
prompt appears again.

A similar issue affects systems which do not allow root logins over
ssh ("PermitRootLogin no"). By measuring the time between login
attempts, an attacker could check whether a given root password is
correct. This allowed determining weak root passwords using a brute
force attack.

Solution :

Upgrade to :
- openssh-client-3.8.1p1-11ubuntu3.1 (Ubuntu 4.10)
- openssh-server-3.8.1p1-11ubuntu3.1 (Ubuntu 4.10)
- ssh-3.8.1p1-11ubuntu3.1 (Ubuntu 4.10)
- ssh-askpass-gnome-3.8.1p1-11ubuntu3.1 (Ubuntu 4.10)

Threat Level: High
