OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow

High Nessus Plugin ID 10954


Arbitrary code may be run on the remote host.


You are running a version of OpenSSH older than OpenSSH 3.2.1.

A buffer overflow exists in the daemon if AFS is enabled on your system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation.

Versions prior to 2.9.9 are vulnerable to a remote root exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit.


Upgrade to version 3.2.1 or later.

Plugin Details

Severity: High

ID: 10954

File Name: openssh_afs.nasl

Version: $Revision: 1.27 $

Type: remote

Published: 2002/05/12

Modified: 2012/02/21

Dependencies: 12309, 10267

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2003/05/22

Reference Information

CVE: CVE-2002-0575

BID: 4560

OSVDB: 781