Detections
Analytics

OpenSSH < 3.7.1 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 701168

Synopsis

The remote SSH server is affected by various memory bugs.

Description

According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host.

An exploit for this issue is rumored to exist.

Note that several distributions patched this hole without changing the version number of OpenSSH. Since NNM solely relied on the banner of the remote SSH server to perform this check, this might be a false positive.

If you are running a RedHat host, make sure that the command :

rpm -q openssh-server

returns :

openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9)

Solution

Upgrade to OpenSSH version 3.7.1 or later.

See Also

http://www.redhat.com/support/errata/RHSA-2003-280.html

Plugin Details

Severity: Critical

ID: 701168

Family: SSH

Published: 8/21/2019

Updated: 8/21/2019

Nessus ID: 11837

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 9/16/2003

Vulnerability Publication Date: 9/16/2003

Reference Information

CVE: CVE-2003-0682, CVE-2003-0693, CVE-2003-0695, CVE-2004-2760