|Category:||Gain a shell remotely|
|Title:||SSH Insertion Attack|
You are running a version of SSH which is
older than (or as old as) version 1.2.23.
This version is vulnerable to a known plain
text attack, which may allow an attacker to
insert encrypted packets in the client - server
stream that will be deciphered by the server,
thus allowing the attacker to execute arbitrary
commands on the remote server
Upgrade to version 1.2.25 of SSH which solves this problem.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-1999-1085|
Bugtraq: 19980612 CORE-SDI-04: SSH insertion attack (Google Search)
Bugtraq: 19980703 UPDATE: SSH insertion attack (Google Search)
CERT/CC vulnerability note: VU#13877
Cisco Security Advisory: 20010627 Multiple SSH Vulnerabilities
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 81291 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.