OpenSSH < 3.7.1p2 Multiple Remote Vulnerabilities

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote host has an application which may allow an
attacker to login potentially as root without password.

Description :

According to its banner, the remote host appears to be
running OpenSSH 3.7p1 or 3.7.1p1. These versions are
vulnerable to a flaw in the way they handle PAM
authentication when PrivilegeSeparation is disabled.

Successful exploitation of this issue may allow an
attacker to gain a shell on the remote host using a
null password.

Solution :

Upgrade to OpenSSH 3.7.1p2 or disable PAM support in sshd_config

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11848 ()

Bugtraq ID: 8677

CVE ID: CVE-2003-0786
CVE-2003-0787