FreeBSD : FreeBSD -- Denial of service attack against sshd(8) (73e9a137-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Although OpenSSH is not multithreaded, when OpenSSH is compiled with
Kerberos support, the Heimdal libraries bring in the POSIX thread
library as a dependency. Due to incorrect library ordering while
linking sshd(8), symbols in the C library which are shadowed by the
POSIX thread library may not be resolved correctly at run time.

Note that this problem is specific to the FreeBSD build system and
does not affect other operating systems or the version of OpenSSH
available from the FreeBSD ports tree. Impact : An incorrectly linked
sshd(8) child process may deadlock while handling an incoming
connection. The connection may then time out or be interrupted by the
client, leaving the deadlocked sshd(8) child process behind.
Eventually, the sshd(8) parent process stops accepting new
connections.

An attacker may take advantage of this by repeatedly connecting and
then dropping the connection after having begun, but not completed,
the authentication process.

See also :

http://www.nessus.org/u?cb62f09e

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92911 ()

Bugtraq ID: 70913

CVE ID: CVE-2014-8475

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now