| Field | Value |
|---|---|
| VID | 14009 |
| Severity | 30 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description | A version of OpenSSH older than 3.0.1 is running. Versions older than 3.0.1 are vulnerable to a flaw in which an attacker may authenticate, provided that Kerberos V support has been enabled (which is not the case by default). A flaw has been discovered in the software that could allow an attacker to gain unauthorized access. Note: you may ignore this warning if this host is not using Kerberos V. The only affected OpenSSH implementations are those that have the Kerberos V compatibility code compiled into the program. This code is not usually built with a default compilation of OpenSSH. |
| Recommendation | Upgrade to OpenSSH 3.0.1, available for download from the OpenSSH FTP site, ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH |
| Related URL | CVE-2001-1507 (CVE) |
| Related URL | 3560 (SecurityFocus) |
| Related URL | 7598 (ISS) |