OpenSSH LoginGraceTime / MaxStartups DoS

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote SSH service is susceptible to a remote denial of service (connection-slot exhaustion).

Description :

According to its banner, a version of OpenSSH earlier than 6.2 is
listening on this port. In the default configuration of OpenSSH releases
before 6.2, every unauthenticated connection occupies one of the
MaxStartups slots for the full LoginGraceTime, and the default MaxStartups
value is a fixed cap with no random early drop. A remote attacker who
periodically opens a large number of new TCP connections and leaves them
unauthenticated can therefore keep the slots exhausted and prevent
legitimate users from gaining access to the service (CVE-2010-5107).

Note that this plugin has not tried to exploit the issue or detect
whether the remote service uses a vulnerable configuration. Instead, it
has simply checked the version of OpenSSH running on the remote host.
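Because the plugin only compares the banner version, the following added example (not part of the Nessus plugin or of OpenSSH) shows both that version comparison and the configuration check an administrator would do by hand with `sshd -T`: whether MaxStartups is a fixed cap or a start:rate:full random-early-drop triple, and how long LoginGraceTime lets each idle connection hold a slot. The banner regex, the 30-second LoginGraceTime threshold and the two sample `sshd -T` dumps are this example's own assumptions and constructed data.

```python
"""Checks for the CVE-2010-5107 connection-slot exhaustion condition.

Added example, not part of the Nessus plugin or of OpenSSH. The banner
regex, the 30-second LoginGraceTime threshold and the sample `sshd -T`
dumps below are this example's own assumptions and constructed data.
"""
import re
import subprocess
from typing import Optional, Tuple

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")
FIXED_IN = (6, 2)      # first release whose default MaxStartups uses random early drop
GRACE_THRESHOLD = 30   # assumed: flag a LoginGraceTime longer than this many seconds


def banner_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an SSH identification string, or None
    when the string is not an OpenSSH banner."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def banner_is_vulnerable(banner: str) -> bool:
    """The version-only test the plugin performs: OpenSSH older than 6.2.
    Tuple comparison keeps 6.10 > 6.2 correct, unlike a string compare."""
    v = banner_version(banner)
    return v is not None and v < FIXED_IN


def parse_sshd_dump(text: str) -> dict:
    """Parse `sshd -T` output: one lowercase keyword and its value per line."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg[key.lower()] = value.strip()
    return cfg


def parse_maxstartups(value: str) -> Tuple[int, Optional[int], Optional[int]]:
    """MaxStartups is either a single number (fixed cap, no early drop) or
    'start:rate:full' (random early drop between start and full)."""
    parts = value.split(":")
    if len(parts) == 1:
        return int(parts[0]), None, None
    if len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
        return start, rate, full
    raise ValueError(f"unexpected MaxStartups value {value!r}")


def config_findings(cfg: dict) -> list:
    """Findings for an effective configuration; an empty list means it
    already uses random early drop and a short grace period."""
    findings = []
    start, rate, full = parse_maxstartups(cfg.get("maxstartups", "10"))
    grace = int(cfg.get("logingracetime", "120"))
    if rate is None:
        findings.append(
            f"MaxStartups {start} is a fixed cap: {start} idle unauthenticated "
            f"connections held for LoginGraceTime block every new login; "
            f"set MaxStartups 10:30:100 (random early drop)")
    if grace > GRACE_THRESHOLD:
        findings.append(
            f"LoginGraceTime {grace}s lets each attacker connection occupy a "
            f"slot for that long; lower it (e.g. LoginGraceTime {GRACE_THRESHOLD})")
    return findings


def live_findings() -> list:
    """Run `sshd -T` on this host (needs root) and report on its output."""
    dump = subprocess.run(["sshd", "-T"], capture_output=True,
                          text=True, check=True).stdout
    return config_findings(parse_sshd_dump(dump))


# Constructed sample dumps: the pre-6.2 defaults and a hardened configuration.
WEAK_DUMP = "port 22\nlogingracetime 120\nmaxstartups 10\nmaxauthtries 6\n"
HARDENED_DUMP = "port 22\nlogingracetime 30\nmaxstartups 10:30:100\nmaxauthtries 6\n"

if __name__ == "__main__":
    for banner in ("SSH-2.0-OpenSSH_5.3", "SSH-2.0-OpenSSH_6.2"):
        flag = "vulnerable by version" if banner_is_vulnerable(banner) else "not flagged"
        print(banner, "->", flag)
    for name, dump in (("weak", WEAK_DUMP), ("hardened", HARDENED_DUMP)):
        print(name, config_findings(parse_sshd_dump(dump)) or ["no findings"])
```

Run the file as-is to see both sample dumps scored, or call `live_findings()` as root on a host to score its real effective configuration. Note that `sshd -T` reports the effective values after defaults are applied, so a distribution that patched the defaults of an older release shows up correctly even when the banner alone would flag it.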

Solution :

Upgrade to OpenSSH 6.2 or later. Upgrading only changes the default: an
explicit fixed MaxStartups value in sshd_config still disables random
early drop, so review the server configuration, set MaxStartups to the
start:rate:full form (the 6.2 default is 10:30:100) and consider lowering
LoginGraceTime. The same settings mitigate the issue on releases that
cannot be upgraded.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 67140

Bugtraq ID: 58162

CVE ID: CVE-2010-5107
