OpenSSH < 3.6.2 Reverse DNS Lookup Bypass

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by a DNS
lookup bypass vulnerability.

Description :

According to its banner, the remote host appears to be running
OpenSSH-portable version 3.6.1 or older.

There is a flaw in these versions that could allow an attacker to
bypass the access controls set by the administrator of this server.

OpenSSH features a mechanism that can restrict the list of
hosts a given user can log in from by specifying a pattern
in the user key file (i.e. * would let a user
connect only from the local network).

However, there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures a DNS server to send a numeric IP address
when a reverse lookup is performed, this mechanism could be
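
As an added illustration (not Nessus or OpenSSH code), the Python sketch below contrasts a host-pattern check that trusts the reverse-lookup result with one that compares address patterns only with the socket address and uses a name only after forward confirmation. The patterns, addresses, host names and function names are constructed for the example; address patterns are IPv4 only.

```python
import fnmatch
import ipaddress

ADDR_CHARS = set("0123456789.*?")  # characters of an IPv4 address pattern

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def naive_allowed(patterns, peer_ip, ptr_name):
    # Flawed: whatever the reverse lookup returned is matched against every pattern.
    candidate = (ptr_name or peer_ip).lower()
    return any(fnmatch.fnmatchcase(candidate, p.lower()) for p in patterns)

def hardened_allowed(patterns, peer_ip, ptr_name, forward_lookup):
    # Use the PTR name only if it is not an IP literal and resolves back to the peer.
    name = None
    if ptr_name and not is_ip_literal(ptr_name) and peer_ip in forward_lookup(ptr_name):
        name = ptr_name.lower()
    for p in (p.lower() for p in patterns):
        if set(p) <= ADDR_CHARS:
            # Address pattern: compare with the socket address only.
            if fnmatch.fnmatchcase(peer_ip, p):
                return True
        elif name and fnmatch.fnmatchcase(name, p):
            return True
    return False

# Constructed forward-DNS data so the example runs offline.
FORWARD = {"ws10.corp.example": ["192.168.1.10"]}

def lookup(name):
    return FORWARD.get(name.lower(), [])

def demo():
    rules = ["192.168.1.*", "*.corp.example"]  # constructed restriction patterns
    outside, inside = "203.0.113.7", "192.168.1.10"
    return {
        "naive_numeric_ptr": naive_allowed(rules, outside, "192.168.1.10"),
        "hardened_numeric_ptr": hardened_allowed(rules, outside, "192.168.1.10", lookup),
        "hardened_spoofed_name": hardened_allowed(rules, outside, "ws10.corp.example", lookup),
        "hardened_local_peer": hardened_allowed(rules, inside, "ws10.corp.example", lookup),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(case, allowed)
```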

Solution :

Upgrade to OpenSSH 3.6.2 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11712

Bugtraq ID: 7831

CVE ID: CVE-2003-0386
