OpenSSH SSHFP Record Verification Weakness

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

A secure shell client on the remote host could be used to bypass host
verification methods.

Description :

According to its banner, the version of OpenSSH running on the remote
host is 6.1 through 6.6.

It is, therefore, affected by a host verification bypass vulnerability
related to SSHFP and certificates that could allow a malicious SSH
server to cause the supplied client to inappropriately trust the
server.

See also :

http://thread.gmane.org/gmane.network.openssh.devel/20679
https://tools.ietf.org/html/rfc4255
http://seclists.org/oss-sec/2014/q1/663

Solution :

Update to version 6.7 or later or apply the vendor patch.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 78655 ()

Bugtraq ID: 66459

CVE ID: CVE-2014-2653

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now