Tectia SSH Server Authentication Bypass

Critical Nessus Network Monitor Plugin ID 6642

Synopsis

The remote SSH server is vulnerable to an authentication bypass vulnerability

Description

Version of Tectia SSH server earlier than 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20 are vulnerable. A remote, unauthenticated attacker can bypass authentication by sending a specially crafted request, allowing the attackerto authenticate as root.

The software is only vulnerable when running on Unix or Unix-like operating systems.

Solution

Upgrade to Tectia SSH server 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20. Additionally one can disable password authentication in the ssh-server-config.xml configuration file (this file needs to be created if it does not already exists)

See Also

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html

Plugin Details

Severity: Critical

ID: 6642

File Name: 6642.prm

Family: SSH

Published: 2009/12/06

Modified: 2016/01/19

Dependencies: 1967

Nessus ID: 63156

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/12/05

Vulnerability Publication Date: 2012/12/01

Exploitable With

Metasploit (unix/ssh/tectia_passwd_changereq.rb)

Reference Information

CVE: CVE-2012-5975

BID: 56783

OSVDB: 88103