OpenSSH < 4.2 Multiple Vulnerabilities

low Nessus Plugin ID 19592

Synopsis

The remote SSH server has multiple vulnerabilities.

Description

According to its banner, the version of OpenSSH installed on the remote host has the following vulnerabilities :

- X11 forwarding may be enabled unintentionally when multiple forwarding requests are made on the same session, or when an X11 listener is orphaned after a session goes away. (CVE-2005-2797)

- GSSAPI credentials may be delegated to users who log in using something other than GSSAPI authentication if 'GSSAPIDelegateCredentials' is enabled. (CVE-2005-2798)

- Attempting to log in as a nonexistent user causes the authentication process to hang, which could be exploited to enumerate valid user accounts.
Only OpenSSH on Mac OS X 10.4.x is affected.
(CVE-2006-0393)

- Repeatedly attempting to log in as a nonexistent user could result in a denial of service.
Only OpenSSH on Mac OS X 10.4.x is affected.
(CVE-2006-0393)

Solution

Upgrade to OpenSSH 4.2 or later. For OpenSSH on Mac OS X 10.4.x, apply Mac OS X Security Update 2006-004.

See Also

http://www.openssh.com/txt/release-4.2

https://lists.apple.com/archives/security-announce/2006/Aug/msg00000.html

https://support.apple.com/?artnum=304063

Plugin Details

Severity: Low

ID: 19592

File Name: openssh_42.nasl

Version: 1.21

Type: remote

Family: Misc.

Published: 9/7/2005

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 9/1/2005

Vulnerability Publication Date: 9/1/2005

Reference Information

CVE: CVE-2005-2797, CVE-2005-2798, CVE-2006-0393

BID: 14727, 14729, 19289