OpenSSH < 4.2 Multiple Vulnerabilities

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH server has multiple vulnerabilities.

Description :

According to its banner, the version of OpenSSH installed on the
remote host has the following vulnerabilities :

- X11 forwarding may be enabled unintentionally when
multiple forwarding requests are made on the same session,
or when an X11 listener is orphaned after a session goes
away. (CVE-2005-2797)

- GSSAPI credentials may be delegated to users who
log in using something other than GSSAPI authentication
if 'GSSAPIDelegateCredentials' is enabled. (CVE-2005-2798)

- Attempting to log in as a nonexistent user causes
the authentication process to hang, which could
be exploited to enumerate valid user accounts.
Only OpenSSH on Mac OS X 10.4.x is affected.
(CVE-2006-0393)

- Repeatedly attempting to log in as a nonexistent
user could result in a denial of service.
Only OpenSSH on Mac OS X 10.4.x is affected.
(CVE-2006-0393)

See also :

http://www.openssh.com/txt/release-4.2
http://lists.apple.com/archives/security-announce/2006/Aug/msg00000.html
http://docs.info.apple.com/article.html?artnum=304063

Solution :

Upgrade to OpenSSH 4.2 or later. For OpenSSH on Mac OS X 10.4.x,
apply Mac OS X Security Update 2006-004.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 2.7
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 19592 ()

Bugtraq ID: 14727
14729
19289

CVE ID: CVE-2005-2797
CVE-2005-2798
CVE-2006-0393