RHEL 2.1 : openssh (RHSA-2003:224)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated OpenSSH packages are now available. These updates close an
information leak caused by sshd's interaction with the PAM system.

OpenSSH is a suite of network connectivity tools that can be used to
establish encrypted connections between systems on a network and can
provide interactive login sessions and port forwarding, among other
functions.

When configured to allow password-based or challenge-response
authentication, sshd (the OpenSSH server) uses PAM (Pluggable
Authentication Modules) to verify the user's password. Under certain
conditions, OpenSSH versions prior to 3.6.1p1 reject an invalid
authentication attempt without first attempting authentication using
PAM.

If PAM is configured with its default failure delay, the amount of
time sshd takes to reject an invalid authentication request varies
widely enough that the timing variations could be used to deduce
whether or not an account with a specified name existed on the server.
This information could then be used to narrow the focus of an attack
against some other system component.

These updates contain backported fixes that cause sshd to always
attempt PAM authentication when performing password and
challenge-response authentication for clients.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0190.html
http://rhn.redhat.com/errata/RHSA-2003-224.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12407 ()

Bugtraq ID:

CVE ID: CVE-2003-0190
CVE-2003-1562