Detections
Analytics

AIX OpenSSH Advisory : openssh_advisory8.asc

medium Nessus Plugin ID 90942

Language:

Synopsis

The remote AIX host has a version of OpenSSH installed that is affected by multiple vulnerabilities.

Description

The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities :

 - A remote code execution vulnerability exists in the sshd server component of OpenSSH due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can exploit this vulnerability to inject arbitrary xauth commands.
 (CVE-2016-3115)

 - A security bypass vulnerability exists in the sshd server component of OpenSSH due to improper error handling. An authenticated, remote attacker can exploit this vulnerability, when an authentication cookie is generated during untrusted X11 forwarding, to gain access to the X server on the host system.
 (CVE-2016-1908)

Solution

A fix is available and can be downloaded from the IBM AIX website.

See Also

https://aix.software.ibm.com/aix/efixes/security/openssh_advisory8.asc

Plugin Details

Severity: Medium

ID: 90942

File Name: aix_openssh_advisory8.nasl

Version: 1.8

Type: local

Published: 5/6/2016

Updated: 4/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:openbsd:openssh

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/3/2016

Vulnerability Publication Date: 1/14/2016

Reference Information

CVE: CVE-2016-1908, CVE-2016-3115