SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The SSH service running on the remote host has an information
disclosure vulnerability.

Description :

The version of SunSSH running on the remote host has an information
disclosure vulnerability. A design flaw in the SSH specification
could allow a man-in-the-middle attacker to recover up to 32 bits of
plaintext from an SSH-protected connection in the standard
configuration. An attacker could exploit this to gain access to
sensitive information.

Note that this version of SunSSH is also prone to several additional
issues, but Nessus did not test for them.

See also :

http://www.nessus.org/u?4984aeb9
http://www.nessus.org/u?b679208a
http://blogs.oracle.com/janp/entry/on_sunssh_versioning

Solution :

Upgrade to SunSSH 1.1.1 / 1.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true