VID | 14048
Severity | 30
Port | 22
Protocol | TCP
Class | SSH
Detailed Description | According to the banner, OpenSSH 5.6 or 5.7 is running on the remote host. These versions contain an information disclosure vulnerability. This vulnerability may cause the contents of the stack to be copied into an SSH certificate, which is visible to a remote attacker. This information may lead to further attacks.
* Note: This check relied solely on the banner of the remote SSH server to assess this vulnerability, so this might be a false positive.
* References: http://www.openssh.com/txt/legacy-cert.adv http://www.openssh.com/txt/release-5
Recommendation | Upgrade to the latest version of OpenSSH (5.8 or later)
Related URL | CVE-2011-0539 (CVE)
Related URL | (SecurityFocus)
Related URL | (ISS)