AIX OpenSSH Advisory : openssh_advisory8.asc

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of OpenSSH installed that is
affected by multiple vulnerabilities.

Description :

The remote AIX host has a version of OpenSSH installed that is
affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the
sshd server component of OpenSSH due to improper
sanitization of X11 authentication credentials. An
authenticated, remote attacker can exploit this
vulnerability to inject arbitrary xauth commands.
(CVE-2016-3115)

- A security bypass vulnerability exists in the sshd
server component of OpenSSH due to improper error
handling. An authenticated, remote attacker can exploit
this vulnerability, when an authentication cookie is
generated during untrusted X11 forwarding, to gain
access to the X server on the host system.
(CVE-2016-1908)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory8.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.5
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: AIX Local Security Checks

Nessus Plugin ID: 90942 ()

Bugtraq ID:

CVE ID: CVE-2016-1908
CVE-2016-3115

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now