Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OpenSSH < 2.9.9 Multiple Key Type ACL Bypass



Remote users may be able to circumvent system policy.


The remote host is running a version of OpenSSH between 2.5.x and 2.9.x. Depending on the order of the user keys in ~/.ssh/authorized_keys2, sshd might fail to apply the source IP based access control restriction to the correct key. This problem allows users to circumvent the system policy and login from disallowed source IP address.

Note: PVS has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.


Upgrade to OpenSSH 2.9.9 or higher.