OpenSSH < 6.6 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The SSH server on the remote host has multiple vulnerabilities.

Description :

According to its banner, the version of OpenSSH running on the remote
host is prior to version 6.6. It is, therefore, affected by the
following vulnerabilities :

- An error exists related to the function 'hash_buffer' in
the file 'schnorr.c' that could allow denial of service
attacks. Note that the J-PAKE protocol must be enabled
at compile time via the 'CFLAGS' variable '-DJPAKE' in
the file 'Makefile.inc' in order for the OpenSSL
installation to be vulnerable. This is not enabled by
default. Further note that only versions 5.3 through
6.5.x are affected by this issue. (CVE-2014-1692)

- An error exists related to the 'AcceptEnv' configuration
setting in 'sshd_config' and wildcards. An attacker can
bypass environment restrictions by using a specially
crafted request. (CVE-2014-2532)

See also :

http://www.openssh.com/txt/release-6.6
http://www.gossamer-threads.com/lists/openssh/dev/57663#57663

Solution :

Upgrade to OpenSSH 6.6 or later.
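
A triage aid for the two findings above, as an added example (not part of the Nessus plugin or of OpenSSH): it maps an SSH banner to the CVEs using only the version ranges stated in the description, and lists wildcard 'AcceptEnv' patterns in an 'sshd_config'. The function names, the sample banner and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the advisory).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_6.2p2 Debian-6"
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
AcceptEnv LANG LC_*
Match User deploy
    AcceptEnv GIT_?
"""


def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = re.match(r"SSH-[\d.]+-OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def applicable_cves(banner):
    """Map a banner to the advisory's CVEs using its stated version ranges."""
    ver = openssh_version(banner)
    if ver is None or ver >= (6, 6):
        return []
    cves = ["CVE-2014-2532"]  # AcceptEnv wildcard issue: versions before 6.6
    if ver >= (5, 3):
        # 5.3 through 6.5.x, and only when the build used -DJPAKE,
        # which a banner cannot show; treat as "check the build flags".
        cves.insert(0, "CVE-2014-1692")
    return cves


def wildcard_acceptenv(config_text):
    """Return (line_number, pattern) for AcceptEnv patterns with * or ?."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].lower() == "acceptenv":  # keywords are case-insensitive
            hits += [(n, p) for p in fields[1:] if "*" in p or "?" in p]
    return hits


if __name__ == "__main__":
    print(SAMPLE_BANNER, "->", applicable_cves(SAMPLE_BANNER))
    for n, pattern in wildcard_acceptenv(SAMPLE_CONFIG):
        print(f"line {n}: wildcard AcceptEnv pattern {pattern!r}")
```

Distribution packages often backport fixes without changing the banner version, so a banner match is a lead to confirm against the installed package rather than proof of exposure.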

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 73079

Bugtraq ID: 65230, 66355

CVE ID: CVE-2014-1692, CVE-2014-2532