This script is Copyright (C) 2001-2012 Tenable Network Security, Inc.
The remote version of OpenSSH contains multiple vulnerabilities.
According to its banner, the remote host appears to be running
an OpenSSH version between 2.5.x and 2.9. Such versions reportedly
contain multiple vulnerabilities :
- sftp-server does not respect the 'command=' argument of
keys in the authorized_keys2 file. (CVE-2001-0816)
- sshd does not properly handle the 'from=' argument of
keys in the authorized_keys2 file. If a key of one type
(e.g. RSA) is followed by a key of another type (e.g.
DSA) then the options for the latter will be applied to
the former, including 'from=' restrictions. This problem
allows users to circumvent the system policy and log in
from disallowed source IP addresses. (CVE-2001-1380)
Upgrade to OpenSSH 2.9.9
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.1
Public Exploit Available : true
Nessus Plugin ID: 10771
Bugtraq ID: 3345, 3369
CVE ID: CVE-2001-0816, CVE-2001-1380