AIX OpenSSH Advisory: openssh_advisory.asc

Nessus Plugin ID 73557 (Severity: Low)


The remote AIX host is running a vulnerable version of OpenSSH.


The version of OpenSSH running on the remote host is affected by the following vulnerabilities:

- X11 man-in-the-middle attack:
When attempting to bind(2) to a port that has previously been bound with SO_REUSEADDR set, most operating systems check that either the effective user-id matches the previous bind (common on BSD-derived systems) or that the bind addresses do not overlap. When the sshd_config(5) option X11UseLocalhost has been set to 'no', an attacker may establish a more-specific bind, which will be used in preference to sshd's wildcard listener. (CVE-2008-3259)

- Plaintext Recovery Attack Against SSH:
If exploited, this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration.
If OpenSSH is used in the standard configuration, then the attacker's success probability for recovering 32 bits of plaintext is 2^{-18}. A variant of the attack against OpenSSH in the standard configuration can verifiably recover 14 bits of plaintext with probability 2^{-14}. The success probability of the attack for other implementations of SSH is not known. (CVE-2008-5161)
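
The X11 item above only applies when sshd's X11 proxy listens on the wildcard address, so a configuration audit can narrow down which hosts matter. The following is an added example, not part of the advisory or the Nessus plugin: it reports the sshd_config scopes in which X11Forwarding is 'yes' and X11UseLocalhost is 'no'. The function names and the sample configuration are constructed for illustration, and Include directives are assumed absent and are not followed.

```python
import re

# sshd_config(5) defaults: X11Forwarding no, X11UseLocalhost yes.
DEFAULTS = {"x11forwarding": "no", "x11uselocalhost": "yes"}
# Keyword and argument are separated by whitespace or by a single '='.
LINE_RE = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)$")

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
Port 22
X11Forwarding yes
x11uselocalhost = no
X11UseLocalhost yes
Match User backup
    X11Forwarding no
Match Group devs
    X11UseLocalhost yes
"""


def parse_scopes(config_text):
    """Return [(scope_name, {keyword: value})]; the first scope is global."""
    scopes = [("global", {})]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            scopes.append(("Match " + value, {}))
        elif keyword in DEFAULTS:
            # Keywords are case-insensitive; the first value seen in a scope wins.
            scopes[-1][1].setdefault(keyword, value.split()[0].strip('"').lower())
    return scopes


def exposed_scopes(config_text):
    """Scopes with X11 forwarding enabled and the proxy bound to the wildcard."""
    scopes = parse_scopes(config_text)
    global_vals = {**DEFAULTS, **scopes[0][1]}
    # A Match block overrides the global value only for keywords it sets.
    return [name for name, vals in scopes
            if {**global_vals, **vals} ==
            {"x11forwarding": "yes", "x11uselocalhost": "no"}]


if __name__ == "__main__":
    print(exposed_scopes(SAMPLE))
```

A scope listed here is only a configuration precondition; whether the host is affected still depends on the installed OpenSSH fileset version that the plugin checks.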


A fix is available for AIX versions 5.3 and 6.1, and it can be downloaded from the OpenSSH SourceForge website for the AIX release.
There is no fix for AIX version 5.2.

Plugin Details

Severity: Low

ID: 73557

File Name: aix_openssh_advisory.nasl

Version: 1.7

Type: local

Published: 2014/04/16

Modified: 2018/06/29

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/06/10

Vulnerability Publication Date: 2008/07/21

Reference Information

CVE: CVE-2008-3259, CVE-2008-5161

BID: 30339, 32319

CERT: 958563

CWE: 200