This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The SSH server on the remote host has multiple denial of service
According to its banner, the version of OpenSSH running on the remote
host is prior to version 5.9. Such versions are affected by multiple
denial of service vulnerabilities :
- A denial of service vulnerability exists in the
gss-serv.c 'ssh_gssapi_parse_ename' function. A remote
attacker may be able to trigger this vulnerability if
gssapi-with-mic is enabled to create a denial of service
condition via a large value in a certain length field.
- On FreeBSD, NetBSD, OpenBSD, and other products, a
remote, authenticated attacker could exploit the
remote_glob() and process_put() functions to cause a
denial of service (CPU and memory consumption).
See also :
Upgrade to OpenSSH 5.9 or later.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.5
Public Exploit Available : true