Debian DSA-027-1 : OpenSSH - remote exploit

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Debian host is missing a security-related update.

Description :

- Versions of OpenSSH prior to 2.3.0 are vulnerable to a
remote arbitrary memory overwrite attack which may lead
to a root exploit.
- CORE-SDI has described a problem with regards to RSA key
exchange and a Bleichenbacher attack to gather the
session key from an ssh session.

Both of these issues have been corrected in our ssh package 1.2.3-9.2.
We recommend you upgrade your openssh package immediately.

See also :

Solution :

Upgrade the affected ssh package.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true

Family: Debian Local Security Checks

Nessus Plugin ID: 14864 (debian_DSA-027.nasl)

Bugtraq ID: 2344

CVE ID: CVE-2001-0144

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now