{"id": "OPENVAS:1361412562310103247", "type": "openvas", "bulletinFamily": "scanner", "title": "OpenSSH Ciphersuite Specification Information Disclosure Weakness", "description": "OpenSSH is prone to a security weakness that may allow attackers to\n downgrade the ciphersuite.", "published": "2011-09-09T00:00:00", "modified": "2019-05-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103247", "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "references": ["http://www.securityfocus.com/bid/49473", "http://www.kb.cert.org/vuls/id/596827"], "cvelist": ["CVE-2001-0572"], "lastseen": "2019-05-29T18:39:45", "viewCount": 53, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2001-0572"]}, {"type": "f5", "idList": ["F5:K17452", "SOL17452"]}, {"type": "nessus", "idList": ["CISCO-SA-20010627-SSHHTTP.NASL", "CISCO_SSH_MULTIPLE_VULNS.NASL", "MANDRAKE_MDKSA-2001-033.NASL", "OPENSSH_252.NASL", "SSH1_PROTO_ENABLED.NASL", "SUNSSH_PLAINTEXT_RECOVERY.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:103247", "OPENVAS:1361412562310801993"]}], "rev": 4}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2001-0572"]}, {"type": "f5", "idList": ["SOL17452"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2001-033.NASL"]}]}, "exploitation": null, "vulnersScore": -0.3}, "pluginID": "1361412562310103247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenSSH Ciphersuite Specification Information Disclosure Weakness\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openbsd:openssh\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103247\");\n script_version(\"2019-05-22T07:58:25+0000\");\n script_bugtraq_id(49473);\n script_cve_id(\"CVE-2001-0572\");\n script_tag(name:\"last_modification\", value:\"2019-05-22 07:58:25 +0000 (Wed, 22 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 13:52:42 +0200 (Fri, 09 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"OpenSSH Ciphersuite Specification Information Disclosure Weakness\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"gb_openssh_consolidation.nasl\");\n script_mandatory_keys(\"openssh/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/49473\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/596827\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue in conjunction with other latent\n vulnerabilities may allow attackers to gain access to sensitive information that\n may aid in further attacks.\");\n\n script_tag(name:\"affected\", value:\"Releases prior to OpenSSH 2.9p2 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are 
available. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"OpenSSH is prone to a security weakness that may allow attackers to\n downgrade the ciphersuite.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version:vers, test_version:\"2.9p2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.9p2\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "General", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659709850}}
{"nessus": [{"lastseen": "2021-08-19T13:18:59", "description": "There are several weaknesses in various implementations of the SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions.\nThe information can later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su.\nVersions of OpenSSH 2.5.2 and later have been fixed to reduce the impact of these traffic analysis problems, and as such all Linux- Mandrake users are encouraged to upgrade their version of openssh immediately.\n\nUpdate :\n\nA problem was introduced with a patch applied to the OpenSSH packages released in the previous update. This problem was due to the keepalive patch included, and it broke interoperability with older versions of OpenSSH and SSH. This update removes the patch, and also provides the latest version of OpenSSH which provides a number of new features and enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2004-09-18T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : openssh (MDKSA-2001:033-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0572"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:openssh", "p-cpe:/a:mandriva:linux:openssh-askpass", "p-cpe:/a:mandriva:linux:openssh-askpass-gnome", "p-cpe:/a:mandriva:linux:openssh-clients", "p-cpe:/a:mandriva:linux:openssh-server", "cpe:/o:mandrakesoft:mandrake_linux:7.1", "cpe:/o:mandrakesoft:mandrake_linux:7.2", "cpe:/o:mandrakesoft:mandrake_linux:8.0"], "id": "MANDRAKE_MDKSA-2001-033.NASL", "href": "https://www.tenable.com/plugins/nessus/14776", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory 
MDKSA-2001:033. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14776);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2001-0572\");\n script_xref(name:\"MDKSA\", value:\"2001:033-2\");\n\n script_name(english:\"Mandrake Linux Security Advisory : openssh (MDKSA-2001:033-2)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"There are several weaknesses in various implementations of the SSH\n(Secure Shell) protocols. When exploited, they let the attacker obtain\nsensitive information by passively monitoring encrypted SSH sessions.\nThe information can later be used to speed up brute-force attacks on\npasswords, including the initial login password and other passwords\nappearing in interactive SSH sessions, such as those used with su.\nVersions of OpenSSH 2.5.2 and later have been fixed to reduce the\nimpact of these traffic analysis problems, and as such all Linux-\nMandrake users are encouraged to upgrade their version of openssh\nimmediately.\n\nUpdate :\n\nA problem was introduced with a patch applied to the OpenSSH packages\nreleased in the previous update. This problem was due to the keepalive\npatch included, and it broke interoperability with older versions of\nOpenSSH and SSH. 
This update removes the patch, and also provides the\nlatest version of OpenSSH which provides a number of new features and\nenhancements.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2001/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif 
(!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"openssh-2.9p1-3.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"openssh-askpass-2.9p1-3.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"openssh-askpass-gnome-2.9p1-3.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"openssh-clients-2.9p1-3.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"openssh-server-2.9p1-3.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssh-2.9p1-3.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssh-askpass-2.9p1-3.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssh-askpass-gnome-2.9p1-3.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssh-clients-2.9p1-3.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"openssh-server-2.9p1-3.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssh-2.9p1-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssh-askpass-2.9p1-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssh-askpass-gnome-2.9p1-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"openssh-clients-2.9p1-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", 
reference:\"openssh-server-2.9p1-3.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T02:37:39", "description": "Four different Cisco product lines are susceptible to multiple vulnerabilities discovered in the Secure Shell (SSH) protocol version 1.5. These issues have been addressed, and fixes have been integrated into the Cisco products that support this protocol.\nBy exploiting the weakness in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute-force key recovery, or brute force a session key.\nAffected product lines are:\nNo other Cisco products are vulnerable. It is possible to mitigate this vulnerability by preventing, or having control over, the interception of SSH traffic.\nCisco IOS is not vulnerable to any of known exploits that are currently used to compromise UNIX hosts. 
For the warning regarding increased scanning activity for hosts running SSH consult CERT/CC.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-01T00:00:00", "type": "nessus", "title": "Multiple SSH Vulnerabilities - Cisco Systems", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0572"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:cisco:ios"], "id": "CISCO-SA-20010627-SSHHTTP.NASL", "href": "https://www.tenable.com/plugins/nessus/48957", "sourceData": "#TRUSTED\n#\n# (C) Tenable Network Security, Inc.\n#\n# Security advisory is (C) CISCO, Inc.\n# See https://www.cisco.com/en/US/products/products_security_advisory09186a00800b168e.shtml\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48957);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n\n script_cve_id(\"CVE-2001-0572\");\n script_xref(name:\"CERT\", value:\"596827\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdt55357\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdt57231\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdt72996\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdt73353\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdt96253\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdu37371\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdv34668\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdv34676\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdv34679\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20010627-ssh\");\n\n script_name(english:\"Multiple SSH Vulnerabilities - Cisco Systems\");\n script_summary(english:\"Checks the IOS version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n'Four different Cisco product lines are susceptible to 
multiple\nvulnerabilities discovered in the Secure Shell (SSH) protocol version\n1.5. These issues have been addressed, and fixes have been integrated\ninto the Cisco products that support this protocol.\nBy exploiting the weakness in the SSH protocol, it is possible to\ninsert arbitrary commands into an established SSH session, collect\ninformation that may help in brute-force key recovery, or brute force a\nsession key.\nAffected product lines are:\nNo other Cisco products are vulnerable. It is possible to mitigate this\nvulnerability by preventing, or having control over, the interception\nof SSH traffic.\nCisco IOS is not vulnerable to any of known exploits that are currently\nused to compromise UNIX hosts. For the warning regarding increased\nscanning activity for hosts running SSH consult CERT/CC.');\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/articles/SSH-Traffic-Analysis\");\n script_set_attribute(attribute:\"see_also\", value: \"https://seclists.org/bugtraq/2001/Mar/262\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010627-ssh\n script_set_attribute(attribute:\"see_also\", value: \"http://www.nessus.org/u?fb584d2f\");\n # https://www.cisco.com/en/US/products/products_security_advisory09186a00800b168e.shtml\n script_set_attribute(attribute:\"see_also\", value: \"http://www.nessus.org/u?2ead856a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in Cisco Security Advisory\ncisco-sa-20010627-ssh.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2001/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/09/01\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CISCO\");\n\n script_dependencie(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nflag = 0;\nreport_extra = \"\";\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS/Version\");\noverride = 0;\n\n# Affected: 12.0S\nif (check_release(version: version,\n patched: make_list(\"12.0(20)S\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1DB\nif (deprecated_version(version, \"12.1DB\")) {\n report_extra = '\\nNo updates are scheduled for 12.1DB. Upgrade to a supported version\\n'; flag++;\n}\n# Affected: 12.1DC\nif (deprecated_version(version, \"12.1DC\")) {\n report_extra = '\\nNo updates are scheduled for 12.1DC. 
Upgrade to a supported version\\n'; flag++;\n}\n# Affected: 12.1E\nif (check_release(version: version,\n patched: make_list(\"12.1(8a)E\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1EC\nif (check_release(version: version,\n patched: make_list(\"12.1(6.5)EC3\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1EX\nif (deprecated_version(version, \"12.1EX\")) {\n report_extra = '\\nUpdate to 12.1(8a)E or later\\n'; flag++;\n}\n# Affected: 12.1EY\nif (check_release(version: version,\n patched: make_list(\"12.1(6)EY\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1EZ\nif (check_release(version: version,\n patched: make_list(\"12.1(6)EZ2\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1T\nif (deprecated_version(version, \"12.1T\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XA\nif (deprecated_version(version, \"12.1XA\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XB\nif (deprecated_version(version, \"12.1XB\")) {\n report_extra = '\\nNo updates are scheduled for 12.1XB. Upgrade to a supported version\\n'; flag++;\n}\n# Affected: 12.1XC\nif (deprecated_version(version, \"12.1XC\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XD\nif (deprecated_version(version, \"12.1XD\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XE\nif (deprecated_version(version, \"12.1XE\")) {\n report_extra = '\\nNo updates are scheduled for 12.1XE. 
Upgrade to a supported version\\n'; flag++;\n}\n# Affected: 12.1XF\nif (check_release(version: version,\n patched: make_list(\"12.1(2)XF4\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XG\nif (deprecated_version(version, \"12.1XG\")) {\n report_extra = '\\nUpdate to 12.1(2)XF4 or later\\n'; flag++;\n}\n# Affected: 12.1XH\nif (deprecated_version(version, \"12.1XH\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XI\nif (deprecated_version(version, \"12.1XI\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XJ\nif (deprecated_version(version, \"12.1XJ\")) {\n report_extra = '\\nUpdate to 12.1(5)YB4 or later\\n'; flag++;\n}\n# Affected: 12.1XL\nif (deprecated_version(version, \"12.1XL\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XM\nif (check_release(version: version,\n patched: make_list(\"12.1(4)XM4\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XP\nif (check_release(version: version,\n patched: make_list(\"12.1(3)XP4\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XQ\nif (deprecated_version(version, \"12.1XQ\")) {\n report_extra = '\\nUpdate to 12.2(1b) or later\\n'; flag++;\n}\n# Affected: 12.1XR\nif (check_release(version: version,\n patched: make_list(\"12.1(5)XR2\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XS\nif (check_release(version: version,\n patched: make_list(\"12.1(5)XS2\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XT\nif (check_release(version: version,\n patched: make_list(\"12.1(3)XT3\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XU\nif (check_release(version: version,\n patched: make_list(\"12.1(5)XU1\") 
)) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XV\nif (check_release(version: version,\n patched: make_list(\"12.1(5)XV3\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1XY\nif (check_release(version: version,\n patched: make_list(\"12.1(5)XY6\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1YA\nif (deprecated_version(version, \"12.1YA\")) {\n report_extra = '\\nUpdate to 12.2(2)XB or later\\n'; flag++;\n}\n# Affected: 12.1YB\nif (check_release(version: version,\n patched: make_list(\"12.1(5)YB4\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1YC\nif (check_release(version: version,\n patched: make_list(\"12.1(5)YC1\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1YD\nif (check_release(version: version,\n patched: make_list(\"12.1(5)YD2\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.1YF\nif (check_release(version: version,\n patched: make_list(\"12.1(5)YF2\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2\nif (check_release(version: version,\n patched: make_list(\"12.2(1.1)\", \"12.2(1b)\", \"12.2(3)\"))) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2T\nif (check_release(version: version,\n patched: make_list(\"12.2(2.2)T\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2XA\nif (check_release(version: version,\n patched: make_list(\"12.2(2)XA\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2XD\nif (check_release(version: version,\n patched: make_list(\"12.2(1)XD1\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# 
Affected: 12.2XE\nif (check_release(version: version,\n patched: make_list(\"12.2(1)XE\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2XH\nif (check_release(version: version,\n patched: make_list(\"12.2(1)XH\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2XQ\nif (check_release(version: version,\n patched: make_list(\"12.2(1)XQ\") )) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n if (flag)\n {\n flag = 0;\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_ip_ssh\", \"show ip ssh\");\n if (check_cisco_result(buf))\n {\n if (preg(pattern:\"version\\s+1\\.5\", multiline:TRUE, string:buf)) { flag = 1; }\n } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }\n }\n}\n\nif (flag)\n{\n security_hole(port:0, extra:report_extra + cisco_caveat(override));\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:43", "description": "According to its version number, the remote host is a Cisco router or switch running a vulnerable SSH daemon.\n\nBy exploiting weaknesses in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute-force key recovery, or brute-force a session key.", "cvss3": {"score": null, "vector": null}, "published": "2002-06-05T00:00:00", "type": "nessus", "title": "Cisco Devices Multiple SSH Information Disclosure Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0361", "CVE-2001-0572"], "modified": "2018-11-15T00:00:00", "cpe": [], "id": "CISCO_SSH_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/10972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n 
script_id(10972);\n script_version(\"1.29\");\n\n script_cve_id(\"CVE-2001-0361\", \"CVE-2001-0572\");\n script_bugtraq_id(2344);\n\n script_name(english:\"Cisco Devices Multiple SSH Information Disclosure Vulnerabilities\");\n script_summary(english:\"Uses SNMP to determine if a flaw is present\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote network device is running an SSH server with multiple\nvulnerabilities.\" );\n script_set_attribute( attribute:\"description\", value:\n\"According to its version number, the remote host is a Cisco router\nor switch running a vulnerable SSH daemon.\n\nBy exploiting weaknesses in the SSH protocol, it is possible to\ninsert arbitrary commands into an established SSH session, collect\ninformation that may help in brute-force key recovery, or brute-force\na session key.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2001/Mar/262\"\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010627-ssh\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb584d2f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Apply the fix referenced in the vendor's advisory.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2002/06/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2001/06/27\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is (C) 2002-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"snmp_sysDesc.nasl\",\n\t\t\t \"snmp_cisco_type.nasl\",\n\t\t\t \"find_service1.nasl\");\n script_require_keys(\"SNMP/community\",\n\t\t\t \"SNMP/sysDesc\",\n\t\t\t \"CISCO/model\");\n exit(0);\n}\n\n\n# The code starts here\nok=0;\nos = get_kb_item(\"SNMP/sysDesc\"); if(!os)exit(0);\nhardware = get_kb_item(\"CISCO/model\"); if(!hardware)exit(0);\n\n\n# Make sure SSH is running first...\nssh = get_kb_item(\"Services/ssh\");\nif(!ssh)ssh = 22;\n\nif(!get_port_state(ssh))exit(0);\nsoc = open_sock_tcp(ssh);\nif(!soc)exit(0);\n\n\n# Check for the required operating system...\n#----------------------------------------------------------------\n# Is this IOS ?\nif(!egrep(pattern:\".*(Internetwork Operating|IOS).*\", string:os))exit(0);\n# 12.0S\nif(egrep(string:os, pattern:\"(12\\.0\\(([0-9]|1[0-9])\\)|12\\.0)S[0-9]*,\"))ok=1;\n\n# 12.1DB\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)DB[0-9]*,\"))ok=1;\n\n# 12.1DC\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)DC[0-9]*,\"))ok=1;\n\n# 12.1E\nif(egrep(string:os, pattern:\"(12\\.1\\([0-8]\\)|12\\.1)E[0-9]*,\"))ok=1;\n\n# 12.1EC\nif(egrep(string:os, pattern:\"((12\\.1\\([0-6]\\)|12\\.1)EC[0-9]*|12\\.1\\(7\\)EC[0-2]),\"))ok=1;\n\n# 12.1EX\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)EX[0-9]*,\"))ok=1;\n\n# 12.1EY\nif(egrep(string:os, pattern:\"(12\\.1\\([0-5]\\)|12\\.1)EY[0-9]*,\"))ok=1;\n\n# 12.1EZ\nif(egrep(string:os, pattern:\"((12\\.1\\([0-5]\\)|12\\.1)EZ[0-9]*|12\\.1\\(6\\)EZ[0-1]),\"))ok=1;\n\n# 12.1T\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)T[0-9]*,\"))ok=1;\n\n# 12.1XA\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XA[0-9]*,\"))ok=1;\n\n# 12.1XB\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XB[0-9]*,\"))ok=1;\n\n# 
12.1XC\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XC[0-9]*,\"))ok=1;\n\n# 12.1XD\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XD[0-9]*,\"))ok=1;\n\n# 12.1XE\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XE[0-9]*,\"))ok=1;\n\n# 12.1XF\nif(egrep(string:os, pattern:\"((12\\.1\\([0-1]\\)|12\\.1)XF[0-9]*|12\\.1\\(2\\)XF[0-3]),\"))ok=1;\n\n# 12.1XG\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XG[0-9]*|12\\.1\\(5\\)XG[0-4]),\"))ok=1;\n\n# 12.1XH\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XH[0-9]*,\"))ok=1;\n\n# 12.1XI\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XI[0-9]*,\"))ok=1;\n\n# 12.1XJ\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XJ[0-9]*,\"))ok=1;\n\n# 12.1XL\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XL[0-9]*,\"))ok=1;\n\n# 12.1XM\nif(egrep(string:os, pattern:\"((12\\.1\\([0-3]\\)|12\\.1)XM[0-9]*|12\\.1\\(4\\)XM[0-3]),\"))ok=1;\n\n# 12.1XP\nif(egrep(string:os, pattern:\"((12\\.1\\([0-2]\\)|12\\.1)XP[0-9]*|12\\.1\\(3\\)XP[0-3]),\"))ok=1;\n\n# 12.1XQ\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)XQ[0-9]*,\"))ok=1;\n\n# 12.1XR\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XR[0-9]*|12\\.1\\(5\\)XR[0-1]),\"))ok=1;\n\n# 12.1XS\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XS[0-9]*|12\\.1\\(5\\)XS[0-1]),\"))ok=1;\n\n# 12.1XT\nif(egrep(string:os, pattern:\"((12\\.1\\([0-2]\\)|12\\.1)XT[0-9]*|12\\.1\\(3\\)XT[0-2]),\"))ok=1;\n\n# 12.1XU\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XU[0-9]*|12\\.1\\(5\\)XU[0-0]),\"))ok=1;\n\n# 12.1XV\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XV[0-9]*|12\\.1\\(5\\)XV[0-2]),\"))ok=1;\n\n# 12.1XY\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)XY[0-9]*|12\\.1\\(5\\)XY[0-5]),\"))ok=1;\n\n# 12.1YA\nif(egrep(string:os, pattern:\"(12\\.1\\([0-9]*\\)|12\\.1)YA[0-9]*,\"))ok=1;\n\n# 12.1YB\nif(egrep(string:os, 
pattern:\"((12\\.1\\([0-4]\\)|12\\.1)YB[0-9]*|12\\.1\\(5\\)YB[0-3]),\"))ok=1;\n\n# 12.1YD\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)YD[0-9]*|12\\.1\\(5\\)YD[0-1]),\"))ok=1;\n\n# 12.1YF\nif(egrep(string:os, pattern:\"((12\\.1\\([0-4]\\)|12\\.1)YF[0-9]*|12\\.1\\(5\\)YF[0-1]),\"))ok=1;\n\n# 12.2\nif(egrep(string:os, pattern:\"(12\\.2\\([0-2]\\)|12\\.2),\"))ok=1;\n\n# 12.2T\nif(egrep(string:os, pattern:\"(12\\.2\\([0-2]\\)|12\\.2)T[0-9]*,\"))ok=1;\n\n# 12.2XA\nif(egrep(string:os, pattern:\"(12\\.2\\([0-1]\\)|12\\.2)XA[0-9]*,\"))ok=1;\n\n# 12.2XD\nif(egrep(string:os, pattern:\"((12\\.2\\([0-0]\\)|12\\.2)XD[0-9]*|12\\.2\\(1\\)XD[0-0]),\"))ok=1;\n\n# 12.2XE\nif(egrep(string:os, pattern:\"(12\\.2\\([0-0]\\)|12\\.2)XE[0-9]*,\"))ok=1;\n\n# 12.2XH\nif(egrep(string:os, pattern:\"(12\\.2\\([0-0]\\)|12\\.2)XH[0-9]*,\"))ok=1;\n\n# 12.2XQ\nif(egrep(string:os, pattern:\"(12\\.2\\([0-0]\\)|12\\.2)XQ[0-9]*,\"))ok=1;\n\n\n#----------------------------------------------\n\nif(ok)security_hole(port:161, proto:\"udp\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:49", "description": "According to its banner, the remote host appears to be running a version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore, reportedly contains weaknesses in its implementation of the SSH protocol, both versions 1 and 2. 
These weaknesses could allow an attacker to sniff password lengths, and ranges of length (this could make brute-force password guessing easier), determine whether RSA or DSA authentication is being used, the number of authorized_keys in RSA authentication and/or the length of shell commands.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-04T00:00:00", "type": "nessus", "title": "OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0361", "CVE-2001-0572"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_252.NASL", "href": "https://www.tenable.com/plugins/nessus/44068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44068);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2001-0361\", \"CVE-2001-0572\");\n script_bugtraq_id(2344, 49473);\n script_xref(name:\"CERT\", value:\"596827\");\n\n script_name(english:\"OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities\");\n script_summary(english:\"Checks the version reported in the SSH banner.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"Remote attackers may be able to infer information about traffic\ninside an SSH session.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote host appears to be running a\nversion of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore,\nreportedly contains weaknesses in its implementation of the SSH\nprotocol, both versions 1 and 2. 
These weaknesses could allow an\nattacker to sniff password lengths, and ranges of length (this could\nmake brute-force password guessing easier), determine whether RSA or\nDSA authentication is being used, the number of authorized_keys in RSA\nauthentication and/or the length of shell commands.\"\n );\n\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to OpenSSH 2.5.2 / 2.5.2p2 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/articles/SSH-Traffic-Analysis\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.openssh.com/txt/release-2.5.2p2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2001/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2001/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n script_require_ports(\"Services/ssh\");\n\n exit(0);\n}\n\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\"+port);\n\nbp_banner = tolower(get_backport_banner(banner:banner));\nif 
(\"openssh\" >!< bp_banner) exit(0, \"The SSH service on port \"+port+\" is not OpenSSH.\");\nif (backported) exit(1, \"The banner from the OpenSSH server on port \"+port+\" indicates patches may have been backported.\");\n\n# Check the version in the backported banner.\nmatch = eregmatch(string:bp_banner, pattern:\"openssh[-_]([0-9][-._0-9a-z]+)\");\nif (isnull(match)) exit(1, \"Could not parse the version string in the banner from port \"+port+\".\");\nversion = match[1];\n\nif (version !~ \"^[0-9.]+p[0-9]+\")\n{\n # Pull out numeric portion of version of the native OpenBSD version.\n matches = eregmatch(string:version, pattern:\"^([0-9.]+)\");\n if (isnull(matches)) # this should never happen due to the previous eregmatch() call, but let's code defensively anyway\n exit(1, 'Failed to parse the version (' + version + ') of the service listening on port '+port+'.');\n\n fix = \"2.5.2\";\n if (ver_compare(ver:matches[1], fix:fix, strict:FALSE) >= 0)\n exit(0, \"The OpenSSH server on port \"+port+\" is not affected as it's version \"+version+\".\");\n}\nelse\n{\n # Pull out numeric portion of version of the portable version.\n matches = eregmatch(string:version, pattern:\"^([0-9.]+)p([0-9]+)\");\n if (isnull(matches)) # this should never happen due to the previous eregmatch() call, but let's code defensively anyway\n exit(1, 'Failed to parse the version (' + version + ') of the service listening on port '+port+'.');\n\n fix = \"2.5.2p2\";\n if (\n (ver_compare(ver:matches[1], fix:\"2.5.2\", strict:FALSE) > 0) ||\n (matches[1] == \"2.5.2\" && int(matches[2]) >= 2)\n ) exit(0, \"The OpenSSH server on port \"+port+\" is not affected as it's version \"+version+\".\");\n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T13:20:46", "description": "The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. \n\nThese protocols are not completely cryptographically safe so they should not be used.", "cvss3": {"score": null, "vector": null}, "published": "2002-03-06T00:00:00", "type": "nessus", "title": "SSH Protocol Version 1 Session Key Retrieval", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0361", "CVE-2001-0572", "CVE-2001-1473"], "modified": "2020-04-27T00:00:00", "cpe": [], "id": "SSH1_PROTO_ENABLED.NASL", "href": "https://www.tenable.com/plugins/nessus/10882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10882);\n script_version (\"1.36\");\n\n script_cve_id(\"CVE-2001-0361\", \"CVE-2001-0572\", \"CVE-2001-1473\");\n script_bugtraq_id(2344);\n \n\n script_name(english:\"SSH Protocol Version 1 Session Key Retrieval\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service offers an insecure cryptographic protocol.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote SSH daemon supports connections made using the version 1.33\nand/or 1.5 of the SSH protocol. 
\n\nThese protocols are not completely cryptographically safe so they\nshould not be used.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Disable compatibility with version 1 of the SSH protocol.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2001-1473\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2002/03/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/02/06\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Negotiate SSH connections\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2002-2020 Tenable Network Security, Inc.\");\n script_family(english:\"General\");\n script_dependencie(\"ssh_proto_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n exit(0);\n}\n\n\nport = get_kb_item(\"Services/ssh\");\nif(!port)port = 22;\n\nif ( get_kb_item(\"SSH/\" + port + \"/v1_supported\" ) )\n\tsecurity_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:58", "description": "The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. 
An attacker could exploit this to gain access to sensitive information.\n\nNote that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-29T00:00:00", "type": "nessus", "title": "SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2000-0525", "CVE-2000-1169", "CVE-2001-0361", "CVE-2001-0529", "CVE-2001-0572", "CVE-2001-0816", "CVE-2001-0872", "CVE-2001-1380", "CVE-2001-1382", "CVE-2001-1459", "CVE-2001-1507", "CVE-2001-1585", "CVE-2002-0083", "CVE-2002-0575", "CVE-2002-0639", "CVE-2002-0640", "CVE-2002-0765", "CVE-2003-0190", "CVE-2003-0386", "CVE-2003-0682", "CVE-2003-0693", "CVE-2003-0695", "CVE-2003-0786", "CVE-2003-0787", "CVE-2003-1562", "CVE-2004-0175", "CVE-2004-1653", "CVE-2004-2069", "CVE-2004-2760", "CVE-2005-2666", "CVE-2005-2797", "CVE-2005-2798", "CVE-2006-0225", "CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5229", "CVE-2006-5794", "CVE-2007-2243", "CVE-2007-2768", "CVE-2007-3102", "CVE-2007-4752", "CVE-2008-1483", "CVE-2008-1657", "CVE-2008-3259", "CVE-2008-4109", "CVE-2008-5161"], "modified": "2020-09-21T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SUNSSH_PLAINTEXT_RECOVERY.NASL", "href": "https://www.tenable.com/plugins/nessus/55992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\n\nif (description)\n{\n script_id(55992);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\n \"CVE-2000-0525\",\n \"CVE-2000-1169\",\n \"CVE-2001-0361\",\n \"CVE-2001-0529\",\n \"CVE-2001-0572\",\n \"CVE-2001-0816\",\n \"CVE-2001-0872\",\n \"CVE-2001-1380\",\n \"CVE-2001-1382\",\n \"CVE-2001-1459\",\n \"CVE-2001-1507\",\n \"CVE-2001-1585\",\n \"CVE-2002-0083\",\n \"CVE-2002-0575\",\n \"CVE-2002-0639\",\n \"CVE-2002-0640\",\n \"CVE-2002-0765\",\n 
\"CVE-2003-0190\",\n \"CVE-2003-0386\",\n \"CVE-2003-0682\",\n \"CVE-2003-0693\",\n \"CVE-2003-0695\",\n \"CVE-2003-0786\",\n \"CVE-2003-0787\",\n \"CVE-2003-1562\",\n \"CVE-2004-0175\",\n \"CVE-2004-1653\",\n \"CVE-2004-2069\",\n \"CVE-2004-2760\",\n \"CVE-2005-2666\",\n \"CVE-2005-2797\",\n \"CVE-2005-2798\",\n \"CVE-2006-0225\",\n \"CVE-2006-4924\",\n \"CVE-2006-4925\",\n \"CVE-2006-5051\",\n \"CVE-2006-5052\",\n \"CVE-2006-5229\",\n \"CVE-2006-5794\",\n \"CVE-2007-2243\",\n \"CVE-2007-2768\",\n \"CVE-2007-3102\",\n \"CVE-2007-4752\",\n \"CVE-2008-1483\",\n \"CVE-2008-1657\",\n \"CVE-2008-3259\",\n \"CVE-2008-4109\",\n \"CVE-2008-5161\"\n );\n script_bugtraq_id(32319);\n script_xref(name:\"CERT\", value:\"958563\");\n\n script_name(english:\"SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure\");\n script_summary(english:\"Checks SSH banner\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The SSH service running on the remote host has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of SunSSH running on the remote host has an information\ndisclosure vulnerability. A design flaw in the SSH specification\ncould allow a man-in-the-middle attacker to recover up to 32 bits of\nplaintext from an SSH-protected connection in the standard\nconfiguration. 
An attacker could exploit this to gain access to\nsensitive information.\n\nNote that this version of SunSSH is also prone to several additional\nissues but Nessus did not test for them.\" );\n\n # http://web.archive.org/web/20090523091544/http://www.cpni.gov.uk/docs/vulnerability_advisory_ssh.txt\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?4984aeb9\");\n # http://hub.opensolaris.org/bin/view/Community+Group+security/SSH#HHistoryofSunSSH\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?b679208a\");\n script_set_attribute(attribute:\"see_also\",value:\"http://blogs.oracle.com/janp/entry/on_sunssh_versioning\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to SunSSH 1.1.1 / 1.3 or later\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 20, 22, 189, 200, 255, 264, 287, 310, 362, 399);\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2008/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2008/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2011/08/29\");\n script_set_attribute(attribute:\"plugin_type\",value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n script_require_ports(\"Services/ssh\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\n# Ensure the port is open.\nport = get_service(svc:\"ssh\", default:22, exit_on_fail:TRUE);\n\n# Get banner for service.\nbanner = get_kb_item_or_exit(\"SSH/banner/\" + port);\n\n# Check that we're using SunSSH.\nif ('sun_ssh' >!< tolower(banner))\n exit(0, \"The SSH service on port \" + port + \" is not SunSSH.\");\n\n# Check the version in the banner.\nmatch = eregmatch(string:banner, pattern:\"sun_ssh[-_]([0-9.]+)$\", icase:TRUE);\nif (isnull(match))\n exit(1, \"Could not parse the version string from the banner on port \" + port + \".\");\nelse\n version = match[1];\n\n# the Oracle (Sun) blog above explains how the versioning works. we could\n# probably explicitly check for each vulnerable version if it came down to it\nif (\n ver_compare(ver:version, fix:'1.1.1', strict:FALSE) == -1 ||\n version == '1.2'\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.1.1 / 1.3\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"The SunSSH server on port \"+port+\" is not affected as it's version \"+version+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-09-04T14:19:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0572"], "description": "OpenSSH is prone to a security weakness that may allow attackers to\ndowngrade the ciphersuite.\n\nSuccessfully exploiting this issue in conjunction with other latent\nvulnerabilities may allow attackers to gain access to sensitive\ninformation that may aid in further attacks.\n\nReleases prior to OpenSSH 2.9p2 are vulnerable.", "modified": "2017-08-30T00:00:00", "published": "2011-09-09T00:00:00", "id": "OPENVAS:103247", "href": 
"http://plugins.openvas.org/nasl.php?oid=103247", "type": "openvas", "title": "OpenSSH Ciphersuite Specification Information Disclosure Weakness", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssh_49473.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# OpenSSH Ciphersuite Specification Information Disclosure Weakness\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"OpenSSH is prone to a security weakness that may allow attackers to\ndowngrade the ciphersuite.\n\nSuccessfully exploiting this issue in conjunction with other latent\nvulnerabilities may allow attackers to gain access to sensitive\ninformation that may aid in further attacks.\n\nReleases prior to OpenSSH 2.9p2 are vulnerable.\";\n\ntag_solution = \"Updates are available. 
Please see the references for more information.\";\n\nif (description)\n{\n script_id(103247);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 13:52:42 +0200 (Fri, 09 Sep 2011)\");\n script_bugtraq_id(49473);\n script_cve_id(\"CVE-2001-0572\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_name(\"OpenSSH Ciphersuite Specification Information Disclosure Weakness\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/49473\");\n script_xref(name : \"URL\" , value : \"http://www.openssh.com\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/596827\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"ssh_detect.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_mandatory_keys(\"openssh/detected\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"global_settings.inc\");\n\nport = get_kb_item(\"Services/ssh\");\nif(!port) port = 22;\n\nif(!get_port_state(port))exit(0);\n\nbanner = get_kb_item(\"SSH/banner/\" + port);\nif ( ! 
banner ) exit(0);\n\nversion = eregmatch(pattern:\"ssh-.*openssh[_-]{1}([0-9.]+[p0-9]*)\", string: banner,icase:TRUE);\nif(isnull(version[1]))exit(0);\n\nif(version_is_less(version: version[1], test_version: \"2.9p2\")) {\n security_message(port);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-30T19:16:11", "description": "The host is running SSH and is providing / accepting one or more deprecated versions\n of the SSH protocol which have known cryptographic flaws.", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Deprecated SSH-1 Protocol Detection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-0572", "CVE-2001-0361", "CVE-2001-1473"], "modified": "2020-03-26T00:00:00", "id": "OPENVAS:1361412562310801993", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801993", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Deprecated SSH-1 Protocol Detection\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801993\");\n script_version(\"2020-03-26T13:48:10+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-26 13:48:10 +0000 (Thu, 26 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n # nb: Few CVEs/vulns to point out the cryptographic flaws.\n script_cve_id(\"CVE-2001-0361\", \"CVE-2001-0572\", \"CVE-2001-1473\");\n script_bugtraq_id(2344);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Deprecated SSH-1 Protocol Detection\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"ssh_proto_version.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"SSH/supportedversions/available\");\n\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/684820\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/6603\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to bypass security\n restrictions and to obtain a client's public host key during a connection attempt and use it to open and\n authenticate an SSH session to another server with the same access.\");\n\n script_tag(name:\"affected\", value:\"Services providing / accepting the SSH protocol version SSH-1 (1.33 and 1.5).\");\n\n script_tag(name:\"solution\", value:\"Reconfigure the SSH service to only provide / accept the SSH protocol version 
SSH-2.\");\n\n script_tag(name:\"summary\", value:\"The host is running SSH and is providing / accepting one or more deprecated versions\n of the SSH protocol which have known cryptographic flaws.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"misc_func.inc\");\n\nport = ssh_get_port( default:22 );\nversions = get_kb_list( \"SSH/supportedversions/\" + port );\nif( ! versions )\n exit( 0 );\n\nversions = sort( versions );\n\nreport = 'The service is providing / accepting the following deprecated versions of the SSH protocol which have known cryptographic flaws:\\n';\n\nforeach version( versions ) {\n\n # nb: Don't add 1.99 which is only a backward compatibility banner\n if( version == \"1.33\" || version == \"1.5\" ) {\n report += '\\n' + version;\n VULN = TRUE;\n }\n}\n\nif( VULN ) {\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:29:49", "description": "The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.", "cvss3": {}, "published": "2001-08-22T04:00:00", "type": "cve", "title": "CVE-2001-0572", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", 
"baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0572"], "modified": "2008-09-05T20:24:00", "cpe": ["cpe:/a:ssh:ssh:1.2.27", "cpe:/a:ssh:ssh:1.2.24", "cpe:/a:ssh:ssh:1.2.30", "cpe:/a:ssh:ssh:1.2.31", "cpe:/a:ssh:ssh:1.2.28", "cpe:/a:openbsd:openssh:4.5", "cpe:/a:ssh:ssh:1.2.25", "cpe:/a:ssh:ssh:1.2.29", "cpe:/a:ssh:ssh:1.2.26"], "id": "CVE-2001-0572", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0572", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*", "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:22", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "f5", "title": "SOL17452 - OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0572", "CVE-2001-0361", "CVE-2006-0225", "CVE-2006-0883", "CVE-2004-2069"], "modified": "2015-10-16T00:00:00", "id": "SOL17452", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/400/sol17452.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:13", "description": "\nF5 Product Development has assigned ID 552898 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | \nNone \n| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| \n \nNone \n \nBIG-IP AAM | None | 12.0.0 \n11.4.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP AFM | None | 12.0.0 \n11.3.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP Analytics | None | 12.0.0 \n11.0.0 - 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP APM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP ASM | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP DNS \n| None | 12.0.0 \n| Not vulnerable \n| None \n \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP Link Controller | None | 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP PEM | None | 12.0.0 \n11.3.0 
- 11.6.0 \n| Not vulnerable \n| None \n \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable \n| None \n \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable \n| None \n \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable \n| None \n \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable \n| None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ Device | None | 4.2.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ Security | None | 4.0.0 - 4.5.0 \n| Not vulnerable \n| None \n \nBIG-IQ ADC | None | 4.5.0 \n| Not vulnerable \n| None \n \nLineRate | None | 2.5.0 - 2.6.1 \n| Not vulnerable \n| None \n \nF5 WebSafe | None | 1.0.0 \n| Not vulnerable \n| None \n \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable \n| None \n\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {}, "published": "2015-10-17T01:17:00", "type": "f5", "title": "OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2001-0572", "CVE-2001-0361", "CVE-2006-0225", "CVE-2006-0883", "CVE-2004-2069"], "modified": "2016-01-09T02:32:00", "id": "F5:K17452", "href": "https://support.f5.com/csp/article/K17452", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}