OpenSSH < 6.9 Multiple Vulnerabilities

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The SSH server running on the remote host is affected by multiple
vulnerabilities.

Description :

According to its banner, the version of OpenSSH running on the remote
host is prior to 6.9. It is, therefore, affected by the following
vulnerabilities :

- A flaw exists within the x11_open_helper() function in
the 'channels.c' file that allows connections to be
permitted after 'ForwardX11Timeout' has expired. A
remote attacker can exploit this to bypass timeout
checks and XSECURITY restrictions. (CVE-2015-5352)

- Several weaknesses in agent locking were addressed by
increasing the failure delay, storing the salted hash of
the password, and using a timing-safe comparison
function.

- An out-of-bounds read error exists when handling
incorrect pattern lengths. A remote attacker can exploit
this to cause a denial of service or disclose sensitive
information in memory.

- An out-of-bounds read error exists when parsing the
'EscapeChar' configuration option.
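
The banner-based check described above can be reproduced over an inventory of collected SSH identification strings. This is an added example, not the plugin's own code; the function name, status labels and sample banners are assumptions constructed for illustration. It also marks banners carrying a distribution comment for manual review, since vendors often backport fixes without changing the upstream version number.

```python
import re

FIXED = (6, 9)  # first release the advisory lists as not affected

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
_BANNER = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH[_-](?P<maj>\d+)\.(?P<min>\d+)"
    r"(?:\.(?P<patch>\d+))?(?P<port>p\d+)?(?: (?P<comment>.*))?$"
)

def assess_banner(banner):
    """Classify one SSH banner as ok / flagged / review / unknown."""
    m = _BANNER.match(banner.strip())
    if m is None:
        # Other SSH implementation, or the version string is hidden or altered.
        return ("unknown", "not a parseable OpenSSH banner")
    # Compare numerically: a string comparison would rank "6.10" below "6.9".
    version = (int(m["maj"]), int(m["min"]))
    label = "%d.%d" % version
    if version >= FIXED:
        return ("ok", label)
    if m["comment"]:
        # Distro packages may carry backported fixes under an old version.
        return ("review", label + " with vendor tag '" + m["comment"] + "'")
    return ("flagged", label + " is prior to 6.9")

# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13",
    "SSH-2.0-OpenSSH_6.8",
    "SSH-2.0-OpenSSH_6.9p1",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-1.99-OpenSSH_5.3",
    "SSH-2.0-dropbear_2014.63",
]

if __name__ == "__main__":
    for b in SAMPLES:
        status, detail = assess_banner(b)
        print("%-8s %-45s %s" % (status, b, detail))
```

A "review" result should be resolved against the vendor's package changelog or security tracker rather than the banner alone.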

See also :

http://www.openssh.com/txt/release-6.9
http://www.nessus.org/u?725c4682

Solution :

Upgrade to OpenSSH 6.9 or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 84638

Bugtraq ID: 75525

CVE ID: CVE-2015-5352
