| Field | Value |
|---|---|
| VID | 14027 |
| Severity | 40 |
| Port | 22 |
| Protocol | TCP |
| Class | Ssh |
| Detailed Description | The version of the SSH daemon is 1.2.27 or older. Secure Shell (SSH) version 1 daemons contain a potentially exploitable buffer overflow when built with the RSAREF library. This could allow remote attackers to compromise root access on affected systems. To determine whether ssh was compiled against the RSAREF library, type "ssh -V" on the remote host. References: http://www.securityfocus.com/bid/843, http://xforce.iss.net/xforce/xfdb/3729 |
| Recommendation | 1. Use ssh 2.x, or do not compile ssh against the RSAREF library. 2. Patch: http://www.cert.org/advisories/CA-99-15/ssh-patch.txt |
| Related URL | CVE-1999-0834 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |