OpenSSH < 2.9.9p2 echo simulation Information Disclosure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is affected by an information disclosure
vulnerability.

Description :

According to its banner, the remote host is running a version of
OpenSSH earlier than 2.9.9p2. It therefore can potentially disclose
the fact that the 'echo simulation' countermeasure is in use because
the application sends an additional echo packet after the password and
carriage return are entered.

Note that this issue only exists when the 'echo simulation'
countermeasure is enabled.

Solution :

Upgrade to OpenSSH 2.9.9p2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 44070

Bugtraq ID:

CVE ID: CVE-2001-1382
