OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote SSH server is affected by an information disclosure
vulnerability.

Description :

According to its banner, the remote host is running a version of
OpenSSH prior to 4.0. Versions of OpenSSH earlier than 4.0 are
affected by an information disclosure vulnerability because the
application stores hostnames, IP addresses, and keys in plaintext in
the 'known_hosts' file. A local attacker, exploiting this flaw, could
gain access to sensitive information that could be used in subsequent
attacks.

See also :

http://www.openssh.org/txt/release-4.0
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/c/a/Security/Researchers-Reveal-Holes-in-Grid/

Solution :

Upgrade to OpenSSH 4.0 or later.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)

Family: Misc.

Nessus Plugin ID: 44075 ()

Bugtraq ID:

CVE ID: CVE-2005-2666
CVE-2007-4654
CVE-2004-2760