SSH RSAREF Library Multiple Overflows (deprecated)
High Nessus Network Monitor Plugin ID 1972
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running a version of SSH which is older (or as old as) 1.2.27. If this version was compiled against the RSAREF library (which can not be determined remotely), then it is very likely to be vulnerable to a buffer overflow that may allow an attacker to obtain a root shell on this host. To determine if SSH has been compiled against the RSAREF library, log into the remote host and type 'ssh -V'
SolutionUpgrade to SSH 2.x or do not use the RSAREF library.