SSH < 1.2.25 CBC/CFB Data Stream Injection
Medium Nessus Network Monitor Plugin ID 1978
Synopsis
The remote host is vulnerable to a flaw that allows attackers to execute arbitrary commands.
Description
The remote host is running a version of SSH that is older than (or as old as) 1.2.23. This version is vulnerable to a known-plaintext attack that may allow an attacker to insert encrypted packets into the client-server stream. The server deciphers these packets, allowing the attacker to execute arbitrary commands on the remote server.
Solution
Upgrade to SSH-1.2.25 or higher.