This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
- Versions of OpenSSH prior to 2.3.0 are vulnerable to a
remote arbitrary memory overwrite attack which may lead
to a root exploit.
- CORE-SDI has described a problem with regards to RSA key
exchange and a Bleichenbacher attack to gather the
session key from an ssh session.
Both of these issues have been corrected in our ssh package 1.2.3-9.2.
We recommend you upgrade your openssh package immediately.
See also :
Upgrade the affected ssh package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true