OpenSSH < 7.9 Access Validation Error

Medium Nessus Network Monitor Plugin ID 701157

Synopsis

The remote SSH server may be affected by an access validation error vulnerability.

Description

The installed version of OpenSSH is prior to 7.9 and is affected by a access validation error vulnerability in OpenSSH through 7.8 that could be used by remote attackers to detect existence of users on a target system when GSS2 is in use.

Solution

Upgrade to OpenSSH 7.x version 7.9 or later.

See Also

http://www.openssh.com/txt/release-7.9

Plugin Details

Severity: Medium

ID: 701157

Family: SSH

Published: 2019/08/21

Updated: 2019/08/21

Dependencies: 1997

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:R

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 2018/08/28

Vulnerability Publication Date: 2018/08/28

Reference Information

CVE: CVE-2018-15919

BID: 105163