VID |
14040 |
Severity |
30 |
Port |
22 |
Protocol |
TCP |
Class |
SSH |
Detailed Description |
The installed version of SSH Tectia Server appears to be 5.0.0. SSH (Secure Shell) Tectia Server is a secure, end-to-end communications server. When configured to allow host-based authentication only, SSH Tectia Server version 5.0.0 contains a vulnerability in its handling of host-based authentication that could allow an attacker to bypass certain security restrictions and be logged on with the wrong credentials to a server running SSH Tectia Server. Successful exploitation requires that host-based authentication is enabled and that the user logs on from an authorized host.
* Note: This check relies solely on the banner of the remote SSH server to assess this vulnerability, so the result might be a false positive.
* References:
  http://www.ssh.com/company/newsroom/article/694/
  http://www.frsirt.com/english/advisories/2005/2929
  http://securitytracker.com/id?1015368
  http://secunia.com/advisories/18001
* Platforms Affected: SSH Communications Security, SSH Tectia Server version 5.0.0; any operating system, any version |
Recommendation |
Upgrade to the latest version of SSH Tectia Server (5.0.1 or later), available from the SSH Tectia Server Download Web site at http://www.ssh.com/support/downloads/tectia-server/updates-and-packages-5-0.html |
Related URL |
CVE-2005-4310 (CVE) |
Related URL |
15903 (SecurityFocus) |
Related URL |
23741 (ISS) |
|