OpenSSH < 2.9.9 Multiple Key Type ACL Bypass

Medium Nessus Network Monitor Plugin ID 1988

Synopsis

Remote users may be able to circumvent system policy.

Description

The remote host is running a version of OpenSSH between 2.5.x and 2.9.x. Depending on the order of the user keys in ~/.ssh/authorized_keys2, sshd might fail to apply the source IP based access control restriction to the correct key. This problem allows users to circumvent the system policy and login from disallowed source IP address.

Note: PVS has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.

Solution

Upgrade to OpenSSH 2.9.9 or higher.

See Also

http://www.kb.cert.org/vuls/id/905795

Plugin Details

Severity: Medium

ID: 1988

File Name: 1988.prm

Family: SSH

Published: 2004/08/20

Modified: 2016/11/23

Dependencies: 1997, 3059

Nessus ID: 10771

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Reference Information

CVE: CVE-2001-0816, CVE-2001-1380

BID: 3369

OSVDB: 642