AIX OpenSSH Advisory : ssh_advisory.asc

Medium Nessus Plugin ID 73565

Synopsis

The remote AIX host is running a vulnerable version of OpenSSH.

Description

The version of OpenSSH running on the remote host is affected by the following vulnerabilities :

- OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. (CVE-2008-1483)

- OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. (CVE-2008-1657)

Solution

A fix is available and can be downloaded from the OpenSSH sourceforge website for the AIX release.

See Also

http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc

https://sourceforge.net/projects/openssh-aix/files/

Plugin Details

Severity: Medium

ID: 73565

File Name: aix_ssh_advisory.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2014/04/16

Modified: 2017/12/14

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/05/21

Vulnerability Publication Date: 2008/01/29

Reference Information

CVE: CVE-2008-1483, CVE-2008-1657

BID: 28444, 28531

OSVDB: 43745, 43911

CWE: 264