OpenSSH Legacy Certificate Signing Information Disclosure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

Remote attackers may be able to access sensitive information.

Description :

According to the banner, OpenSSH 5.6 or 5.7 is running on the remote
host. These versions contain an information disclosure vulnerability.
This vulnerability may cause the contents of the stack to be copied
into an SSH certificate, which is visible to a remote attacker. This
information may lead to further attacks.

See also :

Solution :

Upgrade to OpenSSH 5.8 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 51920 ()

Bugtraq ID: 46155

CVE ID: CVE-2011-0539

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial