VID 14049
Severity 30
Port 22
Protocol TCP
Class SSH
Detailed Description According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. The default configuration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime and MaxStartups thresholds by periodically making a large number of new TCP connections and thereby prevent legitimate users from gaining access to the service.

* Note: This check relies solely on the banner of the remote SSH server to assess this vulnerability, so the result may be a false positive.
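
A banner-only version check of the kind the note describes, as an added example (not the scanner's own check code). The function name `assess_banner`, the status strings and the sample banners are assumptions constructed for illustration.

```python
import re

# SSH identification string: SSH-<protoversion>-<softwareversion> [comments]
_BANNER = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<rest>\S*)(?:\s+(?P<comment>.*))?$"
)

FIXED = (6, 2)  # first release not flagged, per the recommendation on this page


def assess_banner(banner):
    """Classify an SSH banner against the 'OpenSSH earlier than 6.2' check.

    Returns (status, version) where status is one of:
      "not-openssh"    banner is not an OpenSSH identification string
      "not-flagged"    OpenSSH 6.2 or later
      "flagged"        OpenSSH before 6.2, plain upstream-style banner
      "flagged-verify" OpenSSH before 6.2 with a vendor comment; the package
                       may differ from upstream, so confirm on the host
    """
    m = _BANNER.match(banner.strip())
    if not m:
        return ("not-openssh", None)
    # Compare as integer tuples: a string compare would rank "10.0" below "6.2".
    version = (int(m["major"]), int(m["minor"]))
    if version >= FIXED:
        return ("not-flagged", version)
    # The issue concerns the *default* configuration. A banner cannot show
    # whether LoginGraceTime / MaxStartups were tuned in sshd_config, so every
    # flagged result is a candidate finding, not a confirmed one.
    if m["comment"]:
        return ("flagged-verify", version)
    return ("flagged", version)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_5.3",
        "SSH-2.0-OpenSSH_6.0p1 Debian-4",
        "SSH-2.0-OpenSSH_6.2",
        "SSH-2.0-OpenSSH_10.0p2",
        "SSH-2.0-dropbear_2012.55",
    ]
    for s in samples:
        print(f"{s!r:40} -> {assess_banner(s)}")
```
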

* References:
http://www.openwall.com/lists/oss-security/2013/02/06/5
http://openssh.org/txt/release-6.2
http://tools.cisco.com/security/center/viewAlert.x?alertId=28883

* Platforms Affected:
OpenSSH version before 6.2
Any operating system Any version
Recommendation Upgrade to the latest version of OpenSSH (6.2 or later), available from the OpenSSH Web site at http://www.openssh.org/
Related URL CVE-2010-5107 (CVE)
Related URL 58162 (SecurityFocus)
Related URL (ISS)