SSH RSAREF Library Multiple Functions Local Overflow

High Nessus Plugin ID 10269


The remote SSH server may allow execution of arbitrary code.


The remote SSH server is version 1.2.27 or earlier.

If this version was compiled against the RSAREF library, then it is likely to be vulnerable to a buffer overflow that a remote attacker could exploit to gain root privileges on the affected system.

To determine if you compiled ssh against the RSAREF library, type 'ssh
-V' on the remote host.


Either re-compile ssh to avoid using the RSAREF library or upgrade to SSH 2.x or later.

See Also

Plugin Details

Severity: High

ID: 10269

File Name: ssh_overflow.nasl

Version: $Revision: 1.32 $

Type: remote

Family: Misc.

Published: 1999/11/11

Modified: 2016/11/03

Dependencies: 10267

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1999/12/01

Reference Information

CVE: CVE-1999-0834

BID: 843

OSVDB: 213