This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The SSH server running on the remote host is affected by multiple
According to its banner, the version of OpenSSH running on the remote
host is prior to 7.0. It is, therefore, affected by the following
- A security bypass vulnerability exists in the
  kbdint_next_device() function in file auth2-chall.c that
  allows the circumvention of MaxAuthTries during
  keyboard-interactive authentication. A remote attacker
  can exploit this issue to force the same authentication
  method to be tried thousands of times in a single pass
  by using a crafted keyboard-interactive 'devices'
  string, thus allowing a brute-force attack or causing a
  denial of service. (CVE-2015-5600)

- A security bypass vulnerability exists in sshd due to
  improper handling of username data in
  MONITOR_REQ_PAM_INIT_CTX requests. A local attacker can
  exploit this, by sending a MONITOR_REQ_PWNAM request, to
  conduct an impersonation attack. Note that this issue
  only affects Portable OpenSSH. (CVE-2015-6563)

- A privilege escalation vulnerability exists due to a
  use-after-free error in sshd that is triggered when
  handling a MONITOR_REQ_PAM_FREE_CTX request. A local
  attacker can exploit this to gain elevated privileges.
  Note that this issue only affects Portable OpenSSH.

- A local command execution vulnerability exists in sshd
  due to setting insecure world-writable permissions for
  TTYs. A local attacker can exploit this, by injecting
  crafted terminal escape sequences, to execute commands
  for logged-in users. (CVE-2015-6565)
Upgrade to OpenSSH 7.0 or later.
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.0
Public Exploit Available : true