|Category:||Gain a shell remotely|
|Title:||SSH Insertion Attack|
|Summary:||Checks for the remote SSH version|
You are running a version of SSH which is
older than (or as old as) version 1.2.23.
This version is vulnerable to a known plain
text attack, which may allow an attacker to
insert encrypted packets in the client - server
stream that will be deciphered by the server,
thus allowing the attacker to execute arbitrary
commands on the remote server
Upgrade to version 1.2.25 of SSH which solves this problem.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-1999-1085|
Bugtraq: 19980612 CORE-SDI-04: SSH insertion attack (Google Search)
Bugtraq: 19980703 UPDATE: SSH insertion attack (Google Search)
Cisco Security Advisory: 20010627 Multiple SSH Vulnerabilities
CERT/CC vulnerability note: VU#13877
|Copyright||This script is Copyright (C) 1999 Renaud Deraison|
|This is only one of 47891 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.