Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SSH RSAREF Library Multiple Overflows (deprecated)

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of SSH which is older (or as old as) 1.2.27. If this version was compiled against the RSAREF library (which can not be determined remotely), then it is very likely to be vulnerable to a buffer overflow that may allow an attacker to obtain a root shell on this host. To determine if SSH has been compiled against the RSAREF library, log into the remote host and type 'ssh -V'

Solution

Upgrade to SSH 2.x or do not use the RSAREF library.