SecureScoutLogo.jpg
OpenSSH Restricted IP Login Vulnerability



Go to Vulnerabilities List

General Info

TC: 12084
Description: OpenSSH is an implementation of the Secure Shell Protocol designed to allow for secure communications between two points via strong encryption. A vulnerability exists in certain releases of the OpenSSH program which can aid an attacker in his attempt to circumvent the security policies of the target. The error exists in the authentication phase of communications and revolves around the strategy OpenSSH uses to restrict access to unknown users. Exploitation of this vulnerability can allow an attacker with a restricted IP address (one which is normally prohibited from attempting connections) to attempt to logon. Coupled with a brute force attack or another exploit this weakness could allow for the compromise of the target system or enhance the potency of future attacks.
TC Impact: Gather Info
Service: ssh


Specific Operations and Actions:

Vulnerability Publication: June 6, 2003
Advisory Copyright: Mike Harding
Summary: A vulnerability exists in your system which may allow a restricted IP to attempt to access your system via OpenSSH.
Risk: High
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
CVSS 2.0 Base Score: 7.5
Vulnerability Impact: Attack
Host Impact: That a remote atttacker may have his chances improved of compromising your system.
Nature of Remediation: Update the software.
Step required to fix the reported vulnerability:

***** Solution type: Undefined *****

Upgrade to a version of OpenSSH greater than 3.6.1. Available from http://www.openssh.org


Glossary and References :

References: www.sans.org/top20/
Initial Advisory: http://www.securityfocus.com/archive/1/324016
Security Focus: http://www.securityfocus.com/bid/7831
CERT Vulnerability note: http://www.kb.cert.org/vuls/id/978316
Vendor Website: http://www.openssh.org/
SANS Top 20 Secure Shell (SSH): http://www.sans.org/top20/#U8

CVE Link: CVE-2003-0386
 CVE Compatible

Glossary: Banner
SSH

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)