OpenSSH LoginGraceTime / MaxStartups DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote SSH service is susceptible to a remote denial of service
attack.

Description :

According to its banner, a version of OpenSSH earlier than version 6.2
is listening on this port. The default configuration of OpenSSH
installs before 6.2 could allow a remote attacker to bypass the
LoginGraceTime and MaxStartups thresholds by periodically making a large
number of new TCP connections and thereby prevent legitimate users from
gaining access to the service.

Note that this plugin has not tried to exploit the issue or detect
whether the remote service uses a vulnerable configuration. Instead, it
has simply checked the version of OpenSSH running on the remote host.

See also :

http://www.openwall.com/lists/oss-security/2013/02/06/5
http://openssh.org/txt/release-6.2
http://tools.cisco.com/security/center/viewAlert.x?alertId=28883

Solution :

Upgrade to OpenSSH 6.2 and review the associated server configuration
settings.
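
Because the plugin checks only the version banner, the configuration review is left to the administrator. The sketch below is an added example, not part of the plugin: it audits the two settings named above in a constructed sample config, and the defaults noted in its comments come from sshd_config(5), not from this page.

```python
import re

# Constructed sample config, not taken from any real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
LoginGraceTime 2m
MaxStartups 10
MaxStartups 10:30:100
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd_config time value such as 120, 2m or 1h30m to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def effective_settings(config_text):
    """Return the first global occurrence of each keyword (sshd uses the first value)."""
    found = {}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].replace("=", " ").split()
        if not fields:
            continue
        key = fields[0].lower()
        if key == "match":  # both keywords are global-only, so stop here
            break
        if key in ("logingracetime", "maxstartups") and len(fields) > 1:
            found.setdefault(key, fields[1])
    return found

def audit(config_text):
    """List findings for the two settings named in the advisory."""
    cfg = effective_settings(config_text)
    findings = []
    startups = cfg.get("maxstartups")
    if startups is None:  # per sshd_config(5), the default was 10 before 6.2
        findings.append("MaxStartups unset: compiled-in default applies (10 before 6.2)")
    elif len(startups.split(":")) != 3:
        findings.append(f"MaxStartups {startups}: hard cap, no random early drop")
    grace = cfg.get("logingracetime")
    if grace is not None and parse_time(grace) == 0:
        findings.append("LoginGraceTime 0: unauthenticated connections never time out")
    return findings
```

On a live host, pass it the output of `sshd -T`, which prints the effective configuration including compiled-in defaults.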

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 67140

Bugtraq ID: 58162

CVE ID: CVE-2010-5107