OpenSSH 2.5.x - 2.9 Multiple Vulnerabilities

High Nessus Plugin ID 10771

Synopsis

The remote version of OpenSSH contains multiple vulnerabilities.

Description

According to its banner, the remote host appears to be running a version of OpenSSH between 2.5.x and 2.9. Such versions reportedly contain multiple vulnerabilities:

- sftp-server does not respect the 'command=' argument of keys in the authorized_keys2 file. (CVE-2001-0816)

- sshd does not properly handle the 'from=' argument of keys in the authorized_keys2 file. If a key of one type (e.g. RSA) is followed by a key of another type (e.g. DSA), then the options for the latter will be applied to the former, including 'from=' restrictions. This problem allows users to circumvent the system policy and log in from disallowed source IP addresses. (CVE-2001-1380)

Solution

Upgrade to OpenSSH 2.9.9.

See Also

http://www.openbsd.org/advisories/ssh_option.txt

http://www.nessus.org/u?2bb81c0a

http://www.openssh.com/txt/release-2.9.9

Plugin Details

Severity: High

ID: 10771

File Name: openssh_adv_option.nasl

Version: 1.29

Type: remote

Family: Misc.

Published: 2001/09/28

Modified: 2018/07/16

Dependencies: 10267

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2001/09/26

Vulnerability Publication Date: 2001/09/26

Reference Information

CVE: CVE-2001-0816, CVE-2001-1380

BID: 3345, 3369

CERT: 905795