OpenSSH LoginGraceTime / MaxStartups DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is susceptible to a remote denial of service
attack.

Description :

According to its banner, a version of OpenSSH earlier than version 6.2
is listening on this port. The default configuration of OpenSSH
installs before 6.2 could allow a remote attacker to bypass the
LoginGraceTime and MaxStartups thresholds by periodically making a large
number of new TCP connections and thereby prevent legitimate users from
gaining access to the service.

Note that this plugin has not tried to exploit the issue or detect
whether the remote service uses a vulnerable configuration. Instead, it
has simply checked the version of OpenSSH running on the remote host.

See also :

http://www.openwall.com/lists/oss-security/2013/02/06/5
http://openssh.org/txt/release-6.2
http://tools.cisco.com/security/center/viewAlert.x?alertId=28883

Solution :

Upgrade to OpenSSH 6.2 and review the associated server configuration
settings.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 67140 ()

Bugtraq ID: 58162

CVE ID: CVE-2010-5107

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial