OpenSSH < 2.9.9p2 echo simulation Information Disclosure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is affected by an information disclosure
vulnerability.

Description :

According to its banner, the remote host is running a version of
OpenSSH earlier than 2.9.9p2. It may therefore disclose the fact
that the 'echo simulation' countermeasure is in use, because the
application sends an additional echo packet after the password and
carriage return are entered.

Note that this issue only exists when the 'echo simulation'
countermeasure is enabled.

Solution :

Upgrade to OpenSSH 2.9.9p2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 44070

Bugtraq ID:

CVE ID: CVE-2001-1382