OpenSSH < 3.0.2 Multiple Vulnerabilities
High Nessus Plugin ID 10823
Synopsis
The SSH service running on the remote host has multiple vulnerabilities.
Description
You are running a version of OpenSSH which is older than 3.0.2.
Versions prior to 3.0.2 have the following vulnerabilities:
- When the UseLogin feature is enabled, a local user could export environment variables, resulting in command execution as root. The UseLogin feature is disabled by default. (CVE-2001-0872)
- A local information disclosure vulnerability. Only FreeBSD hosts are affected by this issue.
Solution
Upgrade to OpenSSH 3.0.2 or apply the patch for prior versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)