SSH Secure Shell without PTY setsid() Function Privilege Escalation

high Nessus Plugin ID 11169

Synopsis

The remote SSH server is affected by a privilege escalation vulnerability.

Description

According to its banner, the version of SSH Secure Shell running on the remote host is between 2.0.13 and 3.2.1. These versions contain a bug that may allow a non-interactive shell session (one without a PTY, such as those used in scripts) to obtain higher privileges due to a flaw in the way setsid() is used.

Solution

Upgrade to SSH Secure Shell 3.1.5 / 3.2.2 or later.

See Also

http://www.nessus.org/u?a7fe1d74

Plugin Details

Severity: High

ID: 11169

File Name: ssh_setsid.nasl

Version: 1.22

Type: remote

Family: Misc.

Published: 11/25/2002

Updated: 7/30/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/26/2002

Reference Information

CVE: CVE-2002-1644

BID: 6247