This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The version of the FreeBSD kernel running on the remote host is prior
to 10.3-RELEASE-p21, 11.0 prior to 11.0-RELEASE-p12, or 11.1 prior to
11.1-RELEASE-p1. It is, therefore, affected by a flaw in built-in
password authentication in OpenSSH. An unauthenticated, remote
attacker can exploit this issue by sending very long passwords when
PasswordAuthentication is enabled by the system administrator,
resulting in a denial of service condition.
Note that this issue only affects hosts with PasswordAuthentication
enabled in /etc/ssh/sshd_config (the default FreeBSD configuration).
You may work around this issue by disabling PasswordAuthentication and
See also :
Upgrade to FreeBSD version 10.3-RELEASE-p21 / 11.0-RELEASE-p12 /
11.1-RELEASE-p1 or later. Alternatively, apply the workaround
referenced in the advisory to disable PasswordAuthentication.
Risk factor :
High / CVSS Base Score : 7.8