
SSH RSAREF Library Multiple Overflows

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of SSH that is 1.2.27 or older. If this version was compiled against the RSAREF library (which cannot be determined remotely), it is very likely to be vulnerable to a buffer overflow that may allow an attacker to obtain a root shell on this host. To determine whether SSH has been compiled against the RSAREF library, log into the remote host and type 'ssh -V'.

Solution

Upgrade to SSH 2.x or do not use the RSAREF library.