OpenSSH 2.5.x - 2.9 Multiple Vulnerabilities

high Nessus Plugin ID 10771
VPR Score: 5.3

Synopsis

The remote version of OpenSSH contains multiple vulnerabilities.

Description

According to its banner, the remote host appears to be running a version of OpenSSH between 2.5.x and 2.9. Such versions reportedly contain multiple vulnerabilities:

- sftp-server does not respect the 'command=' argument of keys in the authorized_keys2 file. (CVE-2001-0816)

- sshd does not properly handle the 'from=' argument of keys in the authorized_keys2 file. If a key of one type (e.g. RSA) is followed by a key of another type (e.g. DSA), then the options for the latter will be applied to the former, including 'from=' restrictions. This problem allows users to circumvent the system policy and log in from disallowed source IP addresses. (CVE-2001-1380)
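An audit for the key ordering described in the second item, as an added example that is not part of the plugin or of OpenSSH: it parses an authorized_keys2 file and reports each key that is directly followed by a key of a different type carrying different options. The sample file, its placeholder key blobs and the function names are constructed for illustration, and the trigger condition is taken from the description above.

```python
# Added example: flag authorized_keys2 orderings matching the 'from=' issue described above.
KEY_TYPES = ("ssh-rsa", "ssh-dss")  # assumption: only these protocol 2 key types appear

def split_entry(line):
    """Return (options, key_type) for a key line, or None for blanks, comments, unparsed."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    if first in KEY_TYPES:
        return "", first                      # entry with no options field
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote           # quoted option values may contain spaces
        elif ch.isspace() and not in_quote:
            rest = line[i:].split()           # options end at first unquoted whitespace
            if rest and rest[0] in KEY_TYPES:
                return line[:i], rest[0]
            return None
    return None

def audit(text):
    """Return (earlier_line, later_line, later_options) for each risky adjacent pair."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        parsed = split_entry(line)
        if parsed is not None:
            entries.append((number, *parsed))
    findings = []
    for (n1, opts1, type1), (n2, opts2, type2) in zip(entries, entries[1:]):
        # Per the description, the later key's options may be applied to the earlier key.
        if type1 != type2 and opts1 != opts2:
            findings.append((n1, n2, opts2))
    return findings

SAMPLE = """\
# constructed sample, key blobs are placeholders
from="192.0.2.10",command="/usr/bin/backup run" ssh-rsa AAAAB3NzaC1yc2E= backup@example
ssh-dss AAAAB3NzaC1kc3M= alice@example
from="198.51.100.*" ssh-dss AAAAB3NzaC1kc3M= bob@example
ssh-rsa AAAAB3NzaC1yc2E= carol@example
"""

if __name__ == "__main__":
    for earlier, later, opts in audit(SAMPLE):
        print(f"line {earlier}: may be evaluated with options of line {later}: {opts or '(none)'}")
```

A finding whose third field is empty marks a restricted key followed by an unrestricted key of the other type, which is the case where a 'from=' restriction could be lost on an affected sshd.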

Solution

Upgrade to OpenSSH 2.9.9

See Also

http://www.openbsd.org/advisories/ssh_option.txt

http://www.nessus.org/u?759da6a7

http://www.openssh.com/txt/release-2.9.9

Plugin Details

Severity: High

ID: 10771

File Name: openssh_adv_option.nasl

Version: 1.30

Type: remote

Family: Misc.

Published: 9/28/2001

Updated: 11/15/2018

Dependencies: ssh_detect.nasl

Risk Information

Risk Factor: High

VPR Score: 5.3

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Exploit Ease: No known exploits are available

Patch Publication Date: 9/26/2001

Vulnerability Publication Date: 9/26/2001

Reference Information

CVE: CVE-2001-0816, CVE-2001-1380

BID: 3345, 3369

CERT: 905795