OpenSSH 2.5.x - 2.9 Multiple Vulnerabilities

Nessus Plugin ID 10771 (severity: high)

Synopsis

The remote version of OpenSSH contains multiple vulnerabilities.

Description

According to its banner, the remote host appears to be running an OpenSSH version between 2.5.x and 2.9. Such versions reportedly contain multiple vulnerabilities:

- sftp-server does not respect the 'command=' argument of keys in the authorized_keys2 file. (CVE-2001-0816)

- sshd does not properly handle the 'from=' argument of keys in the authorized_keys2 file. If a key of one type (e.g. RSA) is followed by a key of another type (e.g. DSA), then the options for the latter will be applied to the former, including 'from=' restrictions. This problem allows users to circumvent the system policy and log in from disallowed source IP addresses. (CVE-2001-1380)

Solution

Upgrade to OpenSSH 2.9.9
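
A banner-based version check of the kind the Description and Solution imply, as an added example (it is not the code of openssh_adv_option.nasl): it parses an SSH identification string and reports whether the OpenSSH version falls in 2.5.x through 2.9, below the fixed 2.9.9. The function names and sample banners are constructed for illustration.

```python
import re

# Assumption: the range comes from this page's text (2.5.x through 2.9, fixed
# in 2.9.9). A banner only shows the advertised version; a vendor build with
# backported fixes can still report an old version string.
AFFECTED_MIN = (2, 5, 0)
FIXED = (2, 9, 9)

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
_BANNER = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?:\s+.*)?$")
# OpenSSH software version, e.g. OpenSSH_2.9p2 or OpenSSH_2.9.9 (pN = portable release)
_OPENSSH = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")


def parse_openssh_version(banner):
    """Return (major, minor, patch) for an OpenSSH banner, or None."""
    m = _BANNER.match(banner.strip())
    if not m:
        return None
    v = _OPENSSH.match(m.group("software"))
    if not v:
        return None
    major, minor, patch = v.groups()
    # The portable suffix is ignored: 2.9p2 is still release 2.9.
    return (int(major), int(minor), int(patch or 0))


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for one banner."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"  # not OpenSSH, or an unparseable banner
    return "affected" if AFFECTED_MIN <= version < FIXED else "not-affected"


# Constructed sample banners, as a scanner or inventory job might collect them.
SAMPLE_BANNERS = [
    "SSH-1.99-OpenSSH_2.9p2",
    "SSH-2.0-OpenSSH_2.5.2p2",
    "SSH-1.99-OpenSSH_2.9.9p2",
    "SSH-2.0-OpenSSH_9.6",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner:32} {classify(banner)}")
```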

See Also

http://www.openbsd.org/advisories/ssh_option.txt

http://www.nessus.org/u?759da6a7

http://www.openssh.com/txt/release-2.9.9

Plugin Details

Severity: High

ID: 10771

File Name: openssh_adv_option.nasl

Version: 1.31

Type: remote

Family: Misc.

Published: 9/28/2001

Updated: 3/27/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Exploit Ease: No known exploits are available

Patch Publication Date: 9/26/2001

Vulnerability Publication Date: 9/26/2001

Reference Information

CVE: CVE-2001-0816, CVE-2001-1380

BID: 3345, 3369

CERT: 905795