This script is Copyright (C) 2014 Tenable Network Security, Inc.
The SSH server on the remote host has multiple vulnerabilities.
According to its banner, the version of OpenSSH running on the remote
host is prior to version 6.6. It is, therefore, affected by the
following vulnerabilities :
- An error exists related to the function 'hash_buffer' in
  the file 'schnorr.c' that could allow denial of service
  attacks. Note that the J-PAKE protocol must be enabled
  at compile time via the 'CFLAGS' variable '-DJPAKE' in
  the file 'Makefile.inc' in order for the OpenSSL
  installation to be vulnerable. This is not enabled by
  default. Further note that only versions 5.3 through
  6.5.x are affected by this issue. (CVE-2014-1692)
- An error exists related to the 'AcceptEnv' configuration
  setting in 'sshd_config' and wildcards. An attacker can
  bypass environment restrictions by using a specially
  crafted request. (CVE-2014-2532)
Upgrade to OpenSSH 6.6 or later.
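A small triage helper for the two conditions described above, as an added example (not Tenable's plugin code): it maps an SSH banner to the CVEs using the version ranges stated here and lists wildcard AcceptEnv patterns in an sshd_config for review. The function names and sample inputs are constructed for illustration; like the banner check itself, it cannot see vendor-backported fixes or whether J-PAKE was compiled in.

```python
import re

# Version ranges exactly as stated in the advisory text.
JPAKE_MIN, JPAKE_END = (5, 3), (6, 6)  # 5.3 through 6.5.x (needs -DJPAKE build)
FIXED_IN = (6, 6)                      # anything earlier is flagged

BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)")

def banner_findings(banner):
    """Return CVE IDs matching the banner version, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    ver = (int(m.group(1)), int(m.group(2)))
    cves = []
    if JPAKE_MIN <= ver < JPAKE_END:
        cves.append("CVE-2014-1692")   # only exploitable if J-PAKE was compiled in
    if ver < FIXED_IN:
        cves.append("CVE-2014-2532")
    return cves

def wildcard_acceptenv(config_text):
    """Return (line_number, pattern) for AcceptEnv patterns containing * or ?."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks and comments; sshd_config keywords are case-insensitive.
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "acceptenv":
            hits += [(no, p) for p in fields[1:] if "*" in p or "?" in p]
    return hits

# Constructed sample inputs (not taken from any real host).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_6.5p1 Debian-4"
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
AcceptEnv LANG LC_*
acceptenv GIT_AUTHOR_NAME
#AcceptEnv FOO_*
"""

if __name__ == "__main__":
    print(SAMPLE_BANNER, "->", banner_findings(SAMPLE_BANNER))
    for no, pat in wildcard_acceptenv(SAMPLE_CONFIG):
        print(f"sshd_config line {no}: wildcard AcceptEnv pattern {pat!r}")
```

On a host that cannot be upgraded immediately, the wildcard lines this reports are the ones to replace with explicit variable names.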
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Nessus Plugin ID: 73079
Bugtraq ID: 65230, 66355
CVE ID: CVE-2014-1692, CVE-2014-2532