Detections
Analytics

MiracleLinux 4 : openssh-5.3p1-104.AXS4 (AXSA:2014-596:02)

medium Nessus Plugin ID 291469

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-596:02 advisory.

 Description :
 SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
 OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features.
 This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.
 Security issues fixed with this release:
 CVE-2014-2532 sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
 CVE-2014-2653 The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
 Fixed bugs:
 * Based on the SP800-131A information security standard, the generation of a digital signature using the Digital Signature Algorithm (DSA) with the key size of 1024 bits and RSA with the key size of less than 2048 bits is disallowed after the year 2013. With this update, fixed it.
 * Previously, the openssh utility incorrectly set the oom_adj value to -17 for all of its children processes. This behavior was incorrect because the children processes were supposed to have this value set to 0. With this update, fixed it.
 * Previously, if the sshd service failed to verify the checksum of an installed FIPS module using the fipscheck library, the information about this failure was only provided at the standard error output of sshd. So, the user could not notice this message and be uninformed when a system had not been properly configured for FIPS mode. With this update, fixed it.
 * When keys provided by the pkcs11 library were removed from the ssh agent using the ssh-add -e command, the user was prompted to enter a PIN. With this update, fixed it.
 Enhancements:
 * With this update, ControlPersist has been added to OpenSSH. The option in conjunction with the ControlMaster configuration directive specifies that the master connection remains open in the background after the initial client connection has been closed.
 * When the sshd daemon is configured to force the internal SFTP session, and the user attempts to use a connection other than SFTP, the appropriate message is logged to the /var/log/secure file.
 * Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and host user keys (ECDSA) as specified by RFC5656 has been added to the openssh packages. However, they are not enabled by default and the user has to enable them manually.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/5054

Plugin Details

Severity: Medium

ID: 291469

File Name: miracle_linux_AXSA-2014-596.nasl

Version: 1.1

Type: local

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2014-2653

CVSS v3

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.4

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-2532

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:openssh-clients, p-cpe:/a:miracle:linux:openssh, p-cpe:/a:miracle:linux:openssh-askpass, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:openssh-server

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2014

Vulnerability Publication Date: 3/18/2014

Reference Information

CVE: CVE-2014-2532, CVE-2014-2653