SSH (SSF Derivative) Detection

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote version of the SSH server is no longer
maintained.

Description :

According to its banner, the remote SSH server is the
SSF derivative.

SSF was written to comply with restrictive laws on
cryptography in some European countries, France
especially.

These regulations have been softened, OpenSSH received
a formal authorisation from the French administration in
2002, and the development of SSF has been discontinued.

SSF is based on an old version of OpenSSH and implements
an old version of the protocol. As it is no longer
maintained, it might be vulnerable to dangerous flaws.

See also :

http://ccweb.in2p3.fr/secur/ssf/
http://perso.univ-rennes1.fr/bernard.perrot/SSF/

Solution :

Remove SSF and install an up-to-date version of OpenSSH.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Family: Service detection

Nessus Plugin ID: 31421

Bugtraq ID:

CVE ID: