20020527 OpenSSH 3.2.3 released (fwd)

bsd-sshd-authentication-error(9215)

20020522 004: SECURITY FIX: May 22, 2002

5113

4803

According to its banner, the version of OpenSSH running on the remote host is older than 3.2.3.  It therefore may be affected by an authentication bypass issue.  On systems using YP with netgroups, sshd authenticates users via ACL by checking for the requested username and password.  Under certain conditions when doing ACL checks, it may instead use the password entry of a different user for authentication. This means unauthorized users could authenticate successfully, and authorized users could be locked out.

The version of SunSSH running on the remote host has an information disclosure vulnerability.  A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration.  An attacker could exploit this to gain access to sensitive information.

Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.

ID	Name	Product	Family	Severity
44072	OpenSSH < 3.2.3 YP Netgroups Authentication Bypass	Nessus	Gain a shell remotely	high
55992	SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure	Nessus	Misc.	critical

CVE-2002-0765

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

critical