| VID | 14024 |
| Severity | 30 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description | According to its version number, the OpenSSH server is a version of OpenSSH between 2.5.x and 2.9.x, which could allow a remote attacker to bypass access control and log in from disallowed source IP addresses. Depending on the order of the user keys in ~/.ssh/authorized_keys2, sshd might fail to apply the source-IP-based access control restriction to the correct key. This allows an attacker to bypass key-based access control and log in from an unauthorized host. |
| Recommendation | Upgrade to the latest version of OpenSSH (2.9.9 or later), available from the OpenSSH FTP site: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-2.9.9.tgz |
| Related URL | CVE-2001-1380 (CVE) |
| Related URL | 3369 (SecurityFocus) |
| Related URL | 7179 (ISS) |