OpenSSH < 3.0.2 Multiple Vulnerabilities

This script is copyright (C) 2001-2011 by EMAZE Networks S.p.A.


Synopsis :

The SSH service running on the remote host has multiple
vulnerabilities.

Description :

You are running a version of OpenSSH which is older than 3.0.2.
Versions prior than 3.0.2 have the following vulnerabilities :

- When the UseLogin feature is enabled, a local user
could export environment variables, resulting in
command execution as root. The UseLogin feature is
disabled by default. (CVE-2001-0872)

- A local information disclosure vulnerability.
Only FreeBSD hosts are affected by this issue.
(CVE-2001-1029)

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
http://www.freebsd.org/releases/4.4R/errata.html
http://www.nessus.org/u?f85ed76c

Solution :

Upgrade to OpenSSH 3.0.2 or apply the patch for prior
versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 10823 ()

Bugtraq ID: 3614

CVE ID: CVE-2001-0872
CVE-2001-1029