OpenSSH 2.5.x - 2.9 Multiple Vulnerabilities

This script is Copyright (C) 2001-2012 Tenable Network Security, Inc.

Synopsis :

The remote version of OpenSSH contains multiple vulnerabilities.

Description :

According to its banner, the remote host appears to be running
OpenSSH version between 2.5.x and 2.9. Such versions reportedly
contain multiple vulnerabilities :

- sftp-server does not respect the 'command=' argument of
keys in the authorized_keys2 file. (CVE-2001-0816)

- sshd does not properly handle the 'from=' argument of
keys in the authorized_keys2 file. If a key of one type
(e.g. RSA) is followed by a key of another type (e.g.
DSA) then the options for the latter will be applied to
the former, including 'from=' restrictions. This problem
allows users to circumvent the system policy and login
from disallowed source IP addresses. (CVE-2001-1380)

See also :

Solution :

Upgrade to OpenSSH 2.9.9

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 7.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 10771 ()

Bugtraq ID: 3345

CVE ID: CVE-2001-0816