OpenSSH < 3.4 Multiple Remote Overflows

This script is Copyright (C) 2002-2012 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected multiple

Description :

According to its banner, the remote host appears to be
running OpenSSH version 3.4 or older. Such versions are
reportedly affected by multiple flaws. An attacker may
exploit these vulnerabilities to gain a shell on the remote

Note that several distributions patched this hole without
changing the version number of OpenSSH. Because Nessus relies
solely on the banner of the remote SSH server to perform this
check, this might be a false positive.
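
The banner-only check described above, as an added example (not the Nessus plugin's code): it parses the SSH identification string, applies the "< 3.4" threshold from the page title, and marks every hit as needing package verification, because a banner cannot show a backported fix. The status labels and sample banners are constructed for illustration.

```python
import re

# Threshold taken from the page title ("OpenSSH < 3.4").
FIXED = (3, 4)

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?")


def classify_banner(banner: str) -> dict:
    """Classify one SSH identification string for the banner-only check."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return {"status": "unparseable", "version": None, "comment": None}
    software, comment = m.group(2), m.group(3)
    v = OPENSSH_RE.match(software)
    if not v:
        return {"status": "not-openssh", "version": None, "comment": comment}
    version = tuple(int(p) for p in v.groups(default="0"))
    if version[:2] < FIXED:
        # A banner cannot show a backported fix, so this is only a lead:
        # confirm against the installed package before reporting it.
        status = "flagged-verify-package"
    else:
        status = "not-flagged"
    return {"status": status, "version": version, "comment": comment}


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "SSH-1.99-OpenSSH_3.1p1",
    "SSH-2.0-OpenSSH_3.4p1 vendor-build",
    "SSH-2.0-OpenSSH_2.9.9p2",
    "SSH-2.0-ExampleSSHD_1.0",
    "HTTP/1.1 400 Bad Request",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:45} -> {classify_banner(line)['status']}")
```
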

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :

See also :

Solution :

Upgrade to OpenSSH 3.4 or contact your vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11031

Bugtraq ID: 5093

CVE ID: CVE-2002-0639
