OpenSSH < 4.4 Multiple Vulnerabilities

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote SSH server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of OpenSSH installed on the
remote host is affected by multiple vulnerabilities :

- A race condition exists that may allow an
unauthenticated, remote attacker to crash the service
or, on portable OpenSSH, possibly execute code on the
affected host. Note that successful exploitation
requires that GSSAPI authentication be enabled.

- A flaw exists that may allow an attacker to determine
the validity of usernames on some platforms. Note that
this issue requires that GSSAPI authentication be
enabled.

- When SSH version 1 is used, an issue can be triggered
via an SSH packet that contains duplicate blocks that
could result in a loss of availability for the service.

- On Fedora Core 6 (and possibly other systems), an
unspecified vulnerability in the
linux_audit_record_event() function allows remote
attackers to inject incorrect information into
audit logs.

See also :

http://www.openssh.com/txt/release-4.4

Solution :

Upgrade to OpenSSH 4.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true