OpenSSH < 4.2 Multiple Vulnerabilities

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.

Synopsis :

The remote SSH server has multiple vulnerabilities.

Description :

According to its banner, the version of OpenSSH installed on the
remote host has the following vulnerabilities :

- X11 forwarding may be enabled unintentionally when
multiple forwarding requests are made on the same session,
or when an X11 listener is orphaned after a session goes
away. (CVE-2005-2797)

- GSSAPI credentials may be delegated to users who
log in using something other than GSSAPI authentication
if 'GSSAPIDelegateCredentials' is enabled. (CVE-2005-2798)

- Attempting to log in as a nonexistent user causes
the authentication process to hang, which could
be exploited to enumerate valid user accounts.
Only OpenSSH on Mac OS X 10.4.x is affected.

- Repeatedly attempting to log in as a nonexistent
user could result in a denial of service.
Only OpenSSH on Mac OS X 10.4.x is affected.

See also :

Solution :

Upgrade to OpenSSH 4.2 or later. For OpenSSH on Mac OS X 10.4.x,
apply Mac OS X Security Update 2006-004.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.7
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 19592 ()

Bugtraq ID: 14727

CVE ID: CVE-2005-2797