NewStart CGSL MAIN 6.06 : openssh Multiple Vulnerabilities (NS-SA-2025-0210)

Severity: Critical | Nessus Plugin ID 266250

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has openssh packages installed that are affected by multiple vulnerabilities:

- The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. (CVE-2016-1908)

- Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051)

- scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225)

- sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924)

- Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 2006-11-08, this issue is believed to be exploitable only by leveraging vulnerabilities in the unprivileged process, none of which are known to exist. (CVE-2006-5794)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Because the plugin compares installed package versions rather than probing sshd or the client binaries, a build that carries a backported fix without a version bump will still be reported; confirm a hit against the fixed package versions given in NS-SA-2025-0210 before treating it as exploitable.
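To make the version-only nature of this check concrete, the following is an added example (not Tenable's plugin code and not ZTE's tooling) that does what a local RPM check of this kind does: it parses a NEVRA inventory of the shape Nessus stores in Host/ZTE-CGSL/rpm-list, compares each openssh package's epoch:version-release against a fixed version using a port of rpm's rpmvercmp() ordering, and reports anything older. The rpm list and the fixed versions in FIXED_VERSIONS are constructed placeholders; NS-SA-2025-0210's real fixed versions are not reproduced on this page and must be substituted from the vendor notice.

```python
"""Version-only RPM check of the kind this plugin performs (added example)."""
import re

# Constructed sample inventory, one NEVRA per line (made-up entries, not from a real host).
SAMPLE_RPM_LIST = """\
openssh-8.0p1-10.cgsl6_6.x86_64
openssh-clients-8.0p1-10.cgsl6_6.x86_64
openssh-server-8.0p1-10.cgsl6_6.x86_64
openssl-libs-1:1.1.1k-7.cgsl6_6.x86_64
bash-4.4.20-4.cgsl6_6.x86_64
"""

# ASSUMPTION: placeholder fixed versions; replace with the values from NS-SA-2025-0210.
FIXED_VERSIONS = {
    "openssh": "8.0p1-12.cgsl6_6",
    "openssh-clients": "8.0p1-12.cgsl6_6",
    "openssh-server": "8.0p1-12.cgsl6_6",
}

_NUM = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def _is_alnum(c: str) -> bool:
    return c.isascii() and c.isalnum()


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): returns -1, 0 or 1 with rpm's segment rules,
    including '~' (sorts before anything, even end of string) and '^'."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators are anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not (_is_alnum(a[i]) or a[i] in "~^"):
            i += 1
        while j < len(b) and not (_is_alnum(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if ca == "":
                return -1
            if cb == "":
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "" or cb == "":
            break
        # Take a run of digits or a run of letters, decided by the left string.
        numeric = ca.isdigit()
        pat = _NUM if numeric else _ALPHA
        ma, mb = pat.match(a, i), pat.match(b, j)
        if mb is None:
            # Segment types differ: a numeric segment is newer than an alpha one.
            return 1 if numeric else -1
        sa, sb = ma.group(0), mb.group(0)
        i, j = ma.end(), mb.end()
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nevra(nevra: str):
    """Split 'name-[epoch:]version-release.arch' into (name, epoch, version, release, arch)."""
    rest, arch = nevra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release, arch


def parse_evr(evr: str):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, release = evr.split("-", 1)
    return epoch, version, release


def evr_cmp(x, y) -> int:
    """Compare two (epoch, version, release) tuples the way rpm does."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    rc = rpmvercmp(x[1], y[1])
    return rc if rc else rpmvercmp(x[2], y[2])


def find_vulnerable(rpm_list: str, fixed: dict) -> list:
    """Return (name, installed, fixed) for each listed package older than its fixed EVR."""
    findings = []
    for line in rpm_list.splitlines():
        if not line.strip():
            continue
        name, epoch, version, release, _arch = parse_nevra(line.strip())
        if name in fixed and evr_cmp((epoch, version, release), parse_evr(fixed[name])) < 0:
            findings.append((name, f"{version}-{release}", fixed[name]))
    return findings


if __name__ == "__main__":
    for name, have, need in find_vulnerable(SAMPLE_RPM_LIST, FIXED_VERSIONS):
        print(f"{name}: installed {have} is older than fixed {need}")
```

On a real host the inventory comes from `rpm -qa`, whose default output is exactly the name-version-release.arch form parsed here. The comparison is deliberately the same one rpm uses, so "8.0p1-10" sorts below "8.0p1-12" and an epoch bump always wins; what it cannot see is whether a given build already carries a backported patch, which is the caveat above.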

Solution

Upgrade the vulnerable CGSL openssh packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0210

https://security.gd-linux.com/info/CVE-2006-0225

https://security.gd-linux.com/info/CVE-2006-4924

https://security.gd-linux.com/info/CVE-2006-5051

https://security.gd-linux.com/info/CVE-2006-5794

https://security.gd-linux.com/info/CVE-2007-3102

https://security.gd-linux.com/info/CVE-2010-4755

https://security.gd-linux.com/info/CVE-2010-5107

https://security.gd-linux.com/info/CVE-2014-2532

https://security.gd-linux.com/info/CVE-2014-2653

https://security.gd-linux.com/info/CVE-2014-9278

https://security.gd-linux.com/info/CVE-2015-5600

https://security.gd-linux.com/info/CVE-2015-8325

https://security.gd-linux.com/info/CVE-2016-0777

https://security.gd-linux.com/info/CVE-2016-1908

https://security.gd-linux.com/info/CVE-2016-6210

https://security.gd-linux.com/info/CVE-2018-20685

https://security.gd-linux.com/info/CVE-2021-41617

Plugin Details

Severity: Critical

ID: 266250

File Name: newstart_cgsl_NS-SA-2025-0210_openssh.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2006-5051

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2016-1908

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:openssh, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:openssh-clients, p-cpe:/a:zte:cgsl_main:openssh-server

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 1/24/2006

Reference Information

CVE: CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5794, CVE-2007-3102, CVE-2010-4755, CVE-2010-5107, CVE-2014-2532, CVE-2014-2653, CVE-2014-9278, CVE-2015-5600, CVE-2015-8325, CVE-2016-0777, CVE-2016-1908, CVE-2016-6210, CVE-2018-20685, CVE-2021-41617

IAVA: 2021-A-0474-S