OpenSSH < 3.0.1 Multiple Flaws
Medium Nessus Plugin ID 10802
SynopsisThe remote host has an application that is affected by multiple vulnerabilities.
DescriptionAccording to its banner, the remote host appears to be running OpenSSH version 3.0.1 or older. Such versions are reportedly affected by multiple flaws :
- Provided KerberosV is enabled (disabled by default), it may be possible for an attacker to partially authenticate.
- It may be possible to crash the daemon due to a excessive memory clearing bug.
SolutionUpgrade to OpenSSH 3.0.1 or later.