Test Kennung:	1.3.6.1.4.1.25623.1.0.11031
Kategorie:	Gain root remotely
Titel:	OpenSSH <= 3.3
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: You are running a version of OpenSSH which is older than 3.4 There is a flaw in this version that can be exploited remotely to give an attacker a shell on this host. Note that several distribution patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server Returns : openssh-server-3.1p1-6 Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch Risk factor : Critical CVSS Score: 10.0
Querverweis:	BugTraq ID: 5093 Common Vulnerability Exposure (CVE) ID: CVE-2002-0639 http://www.securityfocus.com/bid/5093 Bugtraq: 20020626 OpenSSH Security Advisory (adv.iss) (Google Search) http://marc.info/?l=bugtraq&m=102514371522793&w=2 Bugtraq: 20020626 Revised OpenSSH Security Advisory (adv.iss) (Google Search) http://marc.info/?l=bugtraq&m=102514631524575&w=2 Bugtraq: 20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh) (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html Bugtraq: 20020627 How to reproduce OpenSSH Overflow. (Google Search) http://marc.info/?l=bugtraq&m=102521542826833&w=2 Caldera Security Advisory: CSSA-2002-030.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt http://www.cert.org/advisories/CA-2002-18.html CERT/CC vulnerability note: VU#369347 http://www.kb.cert.org/vuls/id/369347 Conectiva Linux advisory: CLA-2002:502 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502 Debian Security Information: DSA-134 (Google Search) http://www.debian.org/security/2002/dsa-134 En Garde Linux Advisory: ESA-20020702-016 http://www.linuxsecurity.com/advisories/other_advisory-2177.html HPdes Security Advisory: HPSBUX0206-195 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195 ISS Security Advisory: 20020626 OpenSSH Remote Challenge Vulnerability https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040 https://twitter.com/RooneyMcNibNug/status/1152332585349111810 NETBSD Security Advisory: 2002-005 http://www.osvdb.org/6245 http://www.iss.net/security_center/static/9169.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0640 Bugtraq: 20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability (Google Search) http://marc.info/?l=bugtraq&m=102532054613894&w=2 http://www.osvdb.org/839 http://www.redhat.com/support/errata/RHSA-2002-127.html http://www.redhat.com/support/errata/RHSA-2002-131.html SuSE Security Announcement: SuSE-SA:2002:024 (Google Search) http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html
Copyright	This script is Copyright (C) 2002 Renaud Deraison

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.