SSH (SSF Derivative) Detection

low Nessus Plugin ID 31421

Synopsis

The remote version of the SSH server is not maintained any more.

Description

According to its banner, the remote SSH server is the SSF derivative.

SSF had been written to be compliant with restrictive laws on cryptography in some European countries, France especially.

These regulations have been softened and OpenSSH received a formal authorisation from the French administration in 2002 and the development of SSF has been discontinued.

SSF is based on an old version of OpenSSH and it implements an old version of the protocol. As it is not maintained any more, it might be vulnerable to dangerous flaws.

Solution

Remove SSF and install an up-to-date version of OpenSSH.

See Also

http://ccweb.in2p3.fr/secur/ssf/

http://perso.univ-rennes1.fr/bernard.perrot/SSF/

Plugin Details

Severity: Low

ID: 31421

File Name: ssh_ssf.nasl

Version: 1.13

Type: remote

Published: 3/12/2008

Updated: 10/1/2019

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:ssf:ssf