Portable OpenSSH < 3.7.1p2 Multiple PAM Vulnerabilities
Medium Nessus Network Monitor Plugin ID 1996
Synopsis
The remote host is vulnerable to a flaw that allows for the bypassing of authentication.
Description
The remote host is running portable OpenSSH 3.7p1 or 3.7.1p1.
Versions older than 3.7.1p2 are vulnerable to flaws in the code that handles PAM authentication, which may allow an attacker to gain a shell on this host.
Solution
Upgrade to OpenSSH 3.7.1p2 or higher, or disable PAM support in sshd_config.