SSH RSAREF Library Multiple Functions Local Overflow
High Nessus Plugin ID 10269
SynopsisThe remote SSH server may allow execution of arbitrary code.
DescriptionThe remote SSH server is version 1.2.27 or earlier.
If this version was compiled against the RSAREF library, then it is likely to be vulnerable to a buffer overflow that a remote attacker could exploit to gain root privileges on the affected system.
To determine if you compiled ssh against the RSAREF library, type 'ssh
-V' on the remote host.
SolutionEither re-compile ssh to avoid using the RSAREF library or upgrade to SSH 2.x or later.