OpenSSH Legacy Certificate Signing Information Disclosure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

Remote attackers may be able to access sensitive information.

Description :

According to the banner, OpenSSH 5.6 or 5.7 is running on the remote
host. These versions contain an information disclosure vulnerability.
This vulnerability may cause the contents of the stack to be copied
into an SSH certificate, which is visible to a remote attacker. This
information may lead to further attacks.

See also :

Solution :

Upgrade to OpenSSH 5.8 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 51920 ()

Bugtraq ID: 46155

CVE ID: CVE-2011-0539

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now