SSH ssh-keygen with Secure-RPC SUN-DES-1 Phrase Recovery

This script is Copyright (C) 2003-2011 Xue Yong Zhi


Synopsis :

The remote SSH server might allow a local user to recover a SUN-DES-1
passphrase.

Description :

The remote host is running a version of SSH Communications Security
SSH comprised between versions 1.2.27 and 1.2.30.

With Secure-RPC, this version can allow local attackers to recover a
SUN-DES-1 magic phrase generated by another user, which the attacker
can use to decrypt that user's private key file.

Solution :

Download and install the newest version of this software.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11340 ()

Bugtraq ID: 2222

CVE ID: CVE-2001-0259