OpenSSH < 1.2.2 sshd Local TCP Redirection Connection Masking Weakness

Severity: Medium, Nessus Plugin ID 17699

Synopsis

The SSH server running on the remote host allows connections to be redirected.

Description

According to its banner, the version of OpenSSH running on the remote host allows local users without shell access to redirect TCP connections that then carry the IDENT 'root@localhost'. A local attacker could use this incorrect IDENT to bypass monitoring and logging.

Solution

Either upgrade to OpenSSH 1.2.2 or later, or use one of the 'IMMUNE CONFIGURATIONS' referenced in the advisory titled 'sshd-restricted-users-incorrect-configuration'.

See Also

https://seclists.org/bugtraq/2000/Feb/200

https://seclists.org/bugtraq/2000/Feb/212

https://seclists.org/bugtraq/2000/Feb/231

Plugin Details

Severity: Medium

ID: 17699

File Name: openssh_122.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 11/18/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 1/26/2001

Vulnerability Publication Date: 1/25/2001

Reference Information

CVE: CVE-2000-0143