Detections
Analytics

AIX OpenSSH Advisory: openssh_advisory.asc

low Nessus Plugin ID 73557

Language:

Synopsis

The remote AIX host is running a vulnerable version of OpenSSH.

Description

The version of OpenSSH running on the remote host is affected by the following vulnerabilities :

 - X11 man-in-the-middle attack:
 When attempting to bind(2) to a port that has previously been bound with SO_REUSEADDR set, most operating systems check that either the effective user-id matches the previous bind (common on BSD-derived systems) or that the bind addresses do not overlap. When the sshd_config(5) option X11UseLocalhost has been set to 'no' - an attacker may establish a more-specific bind, which will be used in preference to sshd's wildcard listener. (CVE-2008-3259)

 - Plaintext Recovery Attack Against SSH:
 If exploited, this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration.
 If OpenSSH is used in the standard configuration, then the attacker's success probability for recovering 32 bits of plaintext is 2^{-18}. A variant of the attack against OpenSSH in the standard configuration can verifiably recover 14 bits of plaintext with probability 2^{-14}. The success probability of the attack for other implementations of SSH is not known. (CVE-2008-5161)

Solution

A fix is available for AIX versions 5.3 and 6.1, and it can be downloaded from the OpenSSH sourceforge website for the AIX release.
There is no fix for AIX version 5.2.

See Also

https://aix.software.ibm.com/aix/efixes/security/openssh_advisory.asc

http://www.openssh.org/txt/cbc.adv

http://www.openssh.com/txt/release-5.1

https://sourceforge.net/projects/openssh-aix/files/

Plugin Details

Severity: Low

ID: 73557

File Name: aix_openssh_advisory.nasl

Version: 1.11

Type: local

Published: 4/16/2014

Updated: 4/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:ibm:aix

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2010

Vulnerability Publication Date: 7/21/2008

Reference Information

CVE: CVE-2008-3259, CVE-2008-5161

BID: 30339, 32319

CWE: 200

CERT: 958563