Test ID: | 1.3.6.1.4.1.25623.1.0.10472 |
Category: | Gain a shell remotely |
Title: | SSH Kerberos issue |
Summary: | NOSUMMARY |
Description: | You are running a version of SSH that is 1.2.27 or older. If ssh was compiled with Kerberos support, an attacker may eavesdrop on your users' Kerberos tickets: sshd sets the environment variable KRB5CCNAME to 'none', so Kerberos tickets are stored in the user's current working directory, as a file named 'none'. If you have NFS/SMB shared disks, an attacker may eavesdrop on your users' Kerberos tickets using this flaw. If you are not using Kerberos, ignore this warning. Solution: use ssh 1.2.28 or newer. Risk factor: High |
Cross-Ref: | BugTraq ID: 1426; Common Vulnerability Exposure (CVE) ID: CVE-2000-0575; http://www.securityfocus.com/bid/1426; Bugtraq: 20000630 Kerberos security vulnerability in SSH-1.2.27; http://marc.info/?l=bugtraq&m=96256265914116&w=2; XForce ISS Database: ssh-kerberos-tickets-disclosure(4903); https://exchange.xforce.ibmcloud.com/vulnerabilities/4903 |
Copyright | This script is Copyright (C) 2000 Renaud Deraison |