OpenSSH < 4.5 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 701165

Synopsis

The remote SSH server is affected by multiple vulnerabilities.

Description

The installed version of OpenSSH is prior to 4.5 and is affected by the following vulnerabilities:

- A client-side NULL pointer dereference, caused by a protocol error from a malicious server, which could cause the client to crash. (CVE-2006-4925)
- A privilege separation vulnerability exists, which could allow attackers to bypass authentication. The vulnerability is caused by a design error between privileged processes and their child processes. Note that this particular issue is only exploitable when other vulnerabilities are present. (CVE-2006-5794)
- An attacker who connects to the service before it has finished creating keys could force the keys to be recreated. This could result in a denial of service for any process that relies on a trust relationship with the server. Note that this particular issue only affects the Apple implementation of OpenSSH on Mac OS X. (CVE-2007-0726)

Solution

Upgrade to OpenSSH version 4.5 or later.

See Also

http://www.openssh.com/txt/release-4.5

Plugin Details

Severity: High

ID: 701165

Family: SSH

Published: 8/21/2019

Updated: 8/21/2019

Nessus ID: 44077

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 11/8/2006

Vulnerability Publication Date: 11/8/2006

Reference Information

CVE: CVE-2006-4925, CVE-2006-5794, CVE-2007-0726

BID: 20956