OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities

High Nessus Network Monitor Plugin ID 3751

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running a version of OpenSSH that is vulnerable to a flaw in the way it handles GSSAPI authentication. If the SSH server is configured to use GSSAPI authentication, the host may be compromised by a remote attacker with access to the SSH port (typically 22). Successful exploitation would result in a Denial of Service (i.e., loss of availability).

Note: PVS has relied solely on the banner of the SSH client to perform this check. Backported patches and workarounds, such as recompiling or editing the configuration, are not observable through the banner.

Solution

Upgrade to version 4.4 or higher.

See Also

http://www.openssh.com/txt/release-4.4

Plugin Details

Severity: High

ID: 3751

Family: SSH

Published: 2006/09/28

Modified: 2016/11/23

Dependencies: 1997, 3059

Nessus ID: 22466

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.7

Temporal Score: 7.5

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Reference Information

CVE: CVE-2006-0225, CVE-2006-4924, CVE-2006-5052, CVE-2006-5051

BID: 20241, 16369, 20216, 20245