SSH with Kerberos NFS Share Ticket Disclosure

Low Nessus Plugin ID 10472


The remote SSH server does not properly protect the kerberos tickets of the users.


The remote host is running a version of SSH which is older than (or as old as) version 1.2.27.

There is a flaw in the remote version of this software which allows an attacker to eavesdrop the kerberos tickets of legitimate users of this service, as sshd will set their environment variable KRB5CCNAME to 'none' when they log in. As a result, kerberos tickets will be stored in the current working directory of the user, as 'none'.

In certain cases, this may allow an attacker to obtain the tickets.


Upgrade to the newest version of SSH.

Plugin Details

Severity: Low

ID: 10472

File Name: ssh_kerberos.nasl

Version: $Revision: 1.27 $

Type: remote

Family: Misc.

Published: 2000/07/16

Modified: 2011/03/16

Dependencies: 10267

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Vulnerability Publication Date: 2000/06/30

Reference Information

CVE: CVE-2000-0575

BID: 1426

OSVDB: 371