OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH server is affected by an information disclosure
vulnerability.

Description :

According to its banner, the remote host is running a version of
OpenSSH prior to 4.0. Versions of OpenSSH earlier than 4.0 are
affected by an information disclosure vulnerability because the
application stores hostnames, IP addresses, and keys in plaintext in
the 'known_hosts' file. A local attacker, exploiting this flaw, could
gain access to sensitive information that could be used in subsequent
attacks.

See also :

http://www.openssh.org/txt/release-4.0
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/c/a/Security/Researchers-Reveal-Holes-in-Grid/

Solution :

Upgrade to OpenSSH 4.0 or later.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 44075 ()

Bugtraq ID:

CVE ID: CVE-2005-2666
CVE-2007-4654
CVE-2004-2760

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial