AIX OpenSSH Vulnerability : openssh_advisory4.asc

medium Nessus Plugin ID 76168

Synopsis

The remote AIX host has a vulnerable version of OpenSSH.

Description

The version of OpenSSH running on the remote host is affected by multiple security bypass vulnerabilities :

- sshd in OpenSSH versions before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows a remote attacker to bypass intended environment restrictions by using a substring located before a wildcard character. (CVE-2014-2532)

- The verify_host_key function in sshconnect.c in the OpenSSH client for versions 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS checking by presenting an unacceptable HostCertificate. (CVE-2014-2653)
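CVE-2014-2532 only matters on hosts whose sshd_config actually uses wildcard patterns on AcceptEnv lines, so a configuration audit helps prioritise the fix. The following is an added example, not part of the Nessus plugin or the IBM advisory; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: find wildcard AcceptEnv patterns in an sshd_config-style file.
# Function names and the sample configuration are constructed, not from the plugin.

# audit_acceptenv [FILE]
# Reads FILE (or stdin when omitted) and prints "LINE:PATTERN" for every
# AcceptEnv pattern that contains a wildcard character (* or ?).
audit_acceptenv() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)                  # strip leading whitespace
            if (line == "" || line ~ /^#/) next       # skip blank and comment lines
            n = split(line, f, /[ \t=]+/)             # keyword and args; "=" is allowed
            if (n < 2 || tolower(f[1]) != "acceptenv") next   # keywords are case-insensitive
            for (i = 2; i <= n; i++)
                if (f[i] ~ /[*?]/) print NR ":" f[i]
        }
    ' "${1:--}"
}

# sample_config: constructed sshd_config fragment used for the demonstration.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
Port 22
AcceptEnv LANG LC_*
#AcceptEnv OLD_*
acceptenv=XMODIFIERS
Match User deploy
    AcceptEnv APP_? TZ
EOF
}

# Demonstration on the constructed sample; on a real host pass the path
# to the sshd_config in use instead.
sample_config | audit_acceptenv
```

Any pattern reported here is one the unfixed sshd may match more loosely than intended, so those hosts are the ones where installing the fix package has a direct effect on environment restrictions.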

Solution

A fix is available and can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat OpenSSH_6.0.0.6107.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that an mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview the fix installation :

installp -apYd . OpenSSH_6.0.0.6107

To install the fix package :

installp -aXYd . OpenSSH_6.0.0.6107

See Also

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Plugin Details

Severity: Medium

ID: 76168

File Name: aix_openssh_advisory4.nasl

Version: 1.11

Type: local

Published: 6/20/2014

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:5.3, cpe:/o:ibm:aix:6.1, cpe:/o:ibm:aix:7.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2014

Vulnerability Publication Date: 3/15/2014

Reference Information

CVE: CVE-2014-2532, CVE-2014-2653

BID: 66355, 66459