Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Lysator LSH Seed-file File Descriptor Leak (deprecated)

Low

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Lysator's LSH, a version of Secure Shell (SSH) that is available for Unix-like platforms. This version of LSH is reported to be vulnerable to a local flaw. Specifically, this version of LSH leaks its file descriptors. A local attacker armed with this knowledge may be able to access confidential data or cause the LSH server to fail.

Solution

Upgrade or patch according to vendor recommendations.