 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.11848 |
| Category: | Gain root remotely |
| Title: | Portable SSH OpenSSH < 3.7.1p2 |
| Summary: | NOSUMMARY |
| Description: | Description: You are running OpenSSH 3.7p1 or 3.7.1p1. These versions are vulnerable to a flaw in the way they handle PAM authentication and may allow an attacker to gain a shell on this host. *** Note that Nessus did not detect whether PAM is being enabled *** in the remote sshd or not, so this might be a false positive. Solution : Upgrade to OpenSSH 3.7.1p2 or disable PAM support in sshd_config Risk factor : High |
| Cross-Ref: |
BugTraq ID: 8677 Common Vulnerability Exposure (CVE) ID: CVE-2003-0786 http://www.securityfocus.com/bid/8677 Bugtraq: 20030923 Multiple PAM vulnerabilities in portable OpenSSH (Google Search) http://www.securityfocus.com/archive/1/338617 Bugtraq: 20030923 Portable OpenSSH 3.7.1p2 released (Google Search) http://www.securityfocus.com/archive/1/338616 CERT/CC vulnerability note: VU#602204 http://www.kb.cert.org/vuls/id/602204 http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0787 CERT/CC vulnerability note: VU#209807 http://www.kb.cert.org/vuls/id/209807 |
| Copyright | This script is Copyright (C) 2003 Tenable Network Security |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |