AIX OpenSSH Advisory : openssh_advisory8.asc

Medium Nessus Plugin ID 90942

Synopsis

The remote AIX host has a version of OpenSSH installed that is affected by multiple vulnerabilities.

Description

The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities :

- A remote code execution vulnerability exists in the sshd server component of OpenSSH due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can exploit this vulnerability to inject arbitrary xauth commands.
(CVE-2016-3115)

- A security bypass vulnerability exists in the sshd server component of OpenSSH due to improper error handling. An authenticated, remote attacker can exploit this vulnerability, when an authentication cookie is generated during untrusted X11 forwarding, to gain access to the X server on the host system.
(CVE-2016-1908)

Solution

A fix is available and can be downloaded from the IBM AIX website.

See Also

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory8.asc

Plugin Details

Severity: Medium

ID: 90942

File Name: aix_openssh_advisory8.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2016/05/06

Modified: 2016/09/01

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.5

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:ibm:aix, cpe:/a:openbsd:openssh

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/05/03

Vulnerability Publication Date: 2016/01/14

Reference Information

CVE: CVE-2016-1908, CVE-2016-3115

OSVDB: 132941, 135714

EDB-ID: 39569