OpenSSH < 5.9 Multiple DoS

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The SSH server on the remote host has multiple denial of service
vulnerabilities.

Description :

According to its banner, the version of OpenSSH running on the remote
host is prior to version 5.9. Such versions are affected by multiple
denial of service vulnerabilities :

- A denial of service vulnerability exists in the
gss-serv.c 'ssh_gssapi_parse_ename' function. If
gssapi-with-mic is enabled, a remote attacker may be
able to create a denial of service condition via a
large value in a certain length field.
(CVE-2011-5000)

- On FreeBSD, NetBSD, OpenBSD, and other products, a
remote, authenticated attacker could exploit the
remote_glob() and process_put() functions to cause a
denial of service (CPU and memory consumption).
(CVE-2010-4755)
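
The banner-based version check described above can be reproduced offline against collected SSH identification strings. The following is an added example, not the plugin's own code; the function name, status labels and sample banners are constructed for illustration.

```python
import re

# SSH identification string layout (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-OpenSSH_(?:for_Windows_)?"
    r"(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:p\d+)?(?:[ ](?P<comment>.*))?$"
)
FIXED = (5, 9, 0)  # first release that is not flagged, per the Solution section


def classify_banner(banner):
    """Return (status, version, vendor_comment) for one identification string.

    status is 'affected', 'not-affected' or 'unknown' (banner not parsed as
    OpenSSH). Versions are compared as integer tuples, so 10.0 sorts above
    5.9, which a plain string comparison would get wrong.
    """
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unknown", None, None)
    version = (int(m["major"]), int(m["minor"]), int(m["patch"] or 0))
    status = "affected" if version < FIXED else "not-affected"
    # A vendor comment (for example a distribution package tag) means the fix
    # may have been backported without changing the upstream version number,
    # so an 'affected' result should be confirmed against the package version.
    return (status, version, m["comment"])


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1\r\n",
        "SSH-1.99-OpenSSH_4.3",
        "SSH-2.0-OpenSSH_5.9",
        "SSH-2.0-OpenSSH_10.0",
        "SSH-2.0-dropbear_2012.55",
    ]
    for s in samples:
        print(s.strip(), "->", classify_banner(s))
```

A banner match only indicates the reported version. For CVE-2011-5000 the description above also requires gssapi-with-mic to be enabled, which has to be confirmed from the server configuration.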

See also :

http://cxsecurity.com/research/89
http://site.pi3.com.pl/adv/ssh_1.txt

Solution :

Upgrade to OpenSSH 5.9 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 17703

Bugtraq ID: 54114

CVE ID: CVE-2010-4755
CVE-2011-5000