OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

Remote attackers may be able to infer information about traffic
inside an SSH session.

Description :

According to its banner, the remote host appears to be running a
version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore,
reportedly contains weaknesses in its implementation of the SSH
protocol, both versions 1 and 2. These weaknesses could allow an
attacker to sniff password lengths, and ranges of length (this could
make brute-force password guessing easier), determine whether RSA or
DSA authentication is being used, the number of authorized_keys in RSA
authentication and/or the length of shell commands.

See also :

http://www.openwall.com/articles/SSH-Traffic-Analysis
http://www.openssh.com/txt/release-2.5.2p2

Solution :

Upgrade to OpenSSH 2.5.2 / 2.5.2p2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 44068 ()

Bugtraq ID: 2344
49473

CVE ID: CVE-2001-0361
CVE-2001-0572