Test ID:	1.3.6.1.4.1.25623.1.0.11837
Category:	Gain root remotely
Title:	OpenSSH < 3.7.1
Summary:	NOSUMMARY
Description:	Description: You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note that several distribution patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server Returns : openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9) Solution : Upgrade to OpenSSH 3.7.1 See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2 Risk factor : High
Cross-Ref:	BugTraq ID: 8628 Common Vulnerability Exposure (CVE) ID: CVE-2003-0682 Bugtraq: 20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh) (Google Search) http://marc.info/?l=bugtraq&m=106381409220492&w=2 Conectiva Linux advisory: CLA-2003:741 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741 Debian Security Information: DSA-382 (Google Search) http://www.debian.org/security/2003/dsa-382 Debian Security Information: DSA-383 (Google Search) http://www.debian.org/security/2003/dsa-383 En Garde Linux Advisory: ESA-20030918-024 FreeBSD Security Advisory: FreeBSD-SA-03:12 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446 RedHat Security Advisories: RHSA-2003:279 http://marc.info/?l=bugtraq&m=106373546332230&w=2 http://www.redhat.com/support/errata/RHSA-2003-280.html SuSE Security Announcement: SuSE-SA:2003:039 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2003-0693 Bugtraq: 20030916 OpenSSH Buffer Management Bug Advisory (Google Search) http://marc.info/?l=bugtraq&m=106373247528528&w=2 Bugtraq: 20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01) (Google Search) http://marc.info/?l=bugtraq&m=106374466212309&w=2 http://www.cert.org/advisories/CA-2003-24.html CERT/CC vulnerability note: VU#333628 http://www.kb.cert.org/vuls/id/333628 En Garde Linux Advisory: ESA-20030916-023 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html Immunix Linux Advisory: IMNX-2003-7+-020-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:090 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1 SuSE Security Announcement: SuSE-SA:2003:038 (Google Search) http://marc.info/?l=bugtraq&m=106381396120332&w=2 XForce ISS Database: openssh-packet-bo(13191) https://exchange.xforce.ibmcloud.com/vulnerabilities/13191 Common Vulnerability Exposure (CVE) ID: CVE-2003-0695 Bugtraq: 20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01) (Google Search) http://marc.info/?l=bugtraq&m=106382542403716&w=2 http://marc.info/?l=openbsd-security-announce&m=106375582924840 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452
Copyright	This script is Copyright (C) 2003 Tenable Network Security

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.