OpenSSH < 3.4 Multiple Remote Overflows

This script is Copyright (C) 2002-2012 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected multiple
vulnerabilities.

Description :

According to its banner, the remote host appears to be
running OpenSSH version 3.4 or older. Such versions are
reportedly affected by multiple flaws. An attacker may
exploit these vulnerabilities to gain a shell on the remote
system.

Note that several distributions patched this hole without
changing the version number of OpenSSH. Since Nessus solely
relied on the banner of the remote SSH server to perform this
check, this might be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-6

See also :

http://www.openssh.com/txt/preauth.adv

Solution :

Upgrade to OpenSSH 3.4 or contact your vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11031 ()

Bugtraq ID: 5093

CVE ID: CVE-2002-0639
CVE-2002-0640