SSH with Kerberos NFS Share Ticket Disclosure

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH server does not properly protect the kerberos tickets of
the users.

Description :

The remote host is running a version of SSH which is older than (or as old as)
version 1.2.27.

There is a flaw in the remote version of this software which allows an attacker
to eavesdrop the kerberos tickets of legitimate users of this service, as sshd
will set their environment variable KRB5CCNAME to 'none' when they log in.
As a result, kerberos tickets will be stored in the current working directory
of the user, as 'none'.

In certain cases, this may allow an attacker to obtain the tickets.

Solution :

Upgrade to the newest version of SSH.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:C)

Family: Misc.

Nessus Plugin ID: 10472 ()

Bugtraq ID: 1426

CVE ID: CVE-2000-0575