nessus | OPENSSH_40.NASL | This script is Copyright (C) 2011-2024 Tenable, Inc.
Oct 04, 2011 - 12:00 a.m.

OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure

www.tenable.com

AI Score: 5.8 Medium (Confidence: Low)

According to its banner, the remote host is running a version of OpenSSH prior to 4.0. Versions of OpenSSH earlier than 4.0 are affected by an information disclosure vulnerability because the application stores hostnames, IP addresses, and keys in plaintext in the ‘known_hosts’ file. A local attacker, exploiting this flaw, could gain access to sensitive information that could be used in subsequent attacks.
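
An added example (not part of the Tenable plugin or of this page): a Python audit that flags known_hosts entries whose host names are still stored in plaintext. It assumes the hashed host format OpenSSH writes when `HashKnownHosts` is enabled, `|1|base64(salt)|base64(HMAC-SHA1)`, which the page itself does not describe; the sample file, host names and truncated keys are constructed.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix of a hashed host field in known_hosts

def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC, base64.b64encode(salt).decode(),
                        base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the hashed host field was derived from `host`."""
    if not field.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, mac_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # wrong field count or invalid base64
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def audit_known_hosts(text):
    """Return (line_no, [host patterns]) for each entry that exposes host names."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                    # blank line or comment
        if fields[0].startswith("@"):   # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue                    # malformed entry, nothing to classify
        if not fields[0].startswith(HASH_MAGIC):
            findings.append((no, fields[0].split(",")))
    return findings

# Constructed sample file; key material is a truncated placeholder.
SAMPLE = "\n".join([
    "# constructed sample",
    "build01.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E...",
    hash_host("db.example.org") + " ssh-rsa AAAAB3NzaC1yc2E...",
    "@cert-authority *.example.org ssh-rsa AAAAB3NzaC1yc2E...",
])

if __name__ == "__main__":
    for line_no, hosts in audit_known_hosts(SAMPLE):
        print("line %d exposes: %s" % (line_no, ", ".join(hosts)))
```

Entries the audit reports can be converted in place with `ssh-keygen -H`, which hashes the host names of an existing known_hosts file.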

#
# (C) Tenable, Inc.
#

include('compat.inc');

if (description)
{
  script_id(44075);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");

  script_cve_id("CVE-2005-2666", "CVE-2007-4654", "CVE-2004-2760");

  script_name(english:"OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure");
  script_summary(english:"Checks for remote SSH version");

  script_set_attribute(attribute:"synopsis", value:
"The remote SSH server is affected by an information disclosure
vulnerability.");

  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of
OpenSSH prior to 4.0.  Versions of OpenSSH earlier than 4.0 are
affected by an information disclosure vulnerability because the
application stores hostnames, IP addresses, and keys in plaintext in
the 'known_hosts' file.  A local attacker, exploiting this flaw, could
gain access to sensitive information that could be used in subsequent
attacks.");

  script_set_attribute(attribute:"see_also", value:"https://www.openssh.com/txt/release-4.0");
  script_set_attribute(attribute:"see_also", value:"http://nms.csail.mit.edu/projects/ssh/");
  script_set_attribute(attribute:"see_also", value:"http://www.eweek.com/c/a/Security/Researchers-Reveal-Holes-in-Grid/");
  script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSH 4.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N");
  script_cwe_id(16, 255, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/04");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openbsd:openssh");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2024 Tenable, Inc.");
  script_family(english:"Misc.");

  script_dependencies("openssh_detect.nbin");
  script_require_keys("installed_sw/OpenSSH");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include('backport.inc');
include('vcf.inc');
include('vcf_extras.inc');

var port = get_service(svc:'ssh', default:22, exit_on_fail:TRUE);
var app_info = vcf::openssh::get_app_info(app:'OpenSSH', port:port);

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  {'fixed_version': '4.0'}
];

vcf::openssh::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| openbsd | openssh | | cpe:/a:openbsd:openssh |
