| VID |
14039 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
SSH |
| Detailed Description |
The OpenSSH server, according to its banner, has a GSSAPI credential delegation vulnerability. OpenSSH versions prior to 4.2 are vulnerable to two security vulnerabilities, which can be exploited a remote attacker to gain escalated privileges or bypass certain security restrictions.
1) An error in handling dynamic port forwarding ("-D" option) when a listen address is not provided, can cause the GatewayPorts functionality to be incorrectly activated.
2) An error in handling GSSAPI credential delegation can allow a user, who did not login using GSSAPI authentication, to be delegated with GSSAPI credentials. If GSSAPIDelegateCredentials is enabled, a remote attacker can login to the system without using the GSSAPI authentication scheme and be assigned GSSAPI privileges.
* Note: This check solely relied on the banner of the remote SSH server to assess this vulnerability, so this might be a false positive.
* References:
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://secunia.com/advisories/16686/
* Platforms Affected:
OpenSSH versions prior to 4.2
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of OpenSSH (4.2p1 or later), available from the OpenSSH FTP Download Web page at ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
| Related URL |
CVE-2005-2797,CVE-2005-2798 (CVE) |
| Related URL |
14729 (SecurityFocus) |
| Related URL |
22117 (ISS) |
|
