| VID | 14021 |
| Severity | 30 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description | An SSH daemon of version 1.2.27 or older was detected running on the host. SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS. Note: if you are not using Kerberos, ignore this warning. References: http://www.securityfocus.com/bid/1426 http://www.iss.net/security_center/static/4903.php |
| Recommendation | Use SSH 1.2.32 or newer. (Note: the flaw does not exist in SSH 1.2.28 or newer, but versions older than 1.2.32 have several vulnerabilities.) |
| Related URL | CVE-2000-0575 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |