Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this problem. The provided packages fix this vulnerability.

You are running a version of OpenSSH which is older than 3.1.

Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access.

In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code, thus compromising the client system.

The version of SunSSH running on the remote host has an information disclosure vulnerability.  A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration.  An attacker could exploit this to gain access to sensitive information.

Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.

遠端主機上安裝的 SunSSH 版本有資訊洩漏弱點。SSH 規格的設計瑕疵允許攔截式攻擊者在標準組態中從 SSH 受保護的連線復原多達 32 位元的純文字。攻擊者可惡意利用此弱點來存取敏感資訊。

請注意，此版本的 SunSSH 也容易發生其他多個問題，但 Nessus 並未測試這些問題。

3.1 より前のバージョンの OpenSSH を実行しています。

3.1 より前のバージョンは、オフバイワンエラーに脆弱であり、これによってローカルユーザーが root アクセスを得ることができ、リモートユーザーが、リモートアクセスするために同様にデーモンに不正アクセスできることがあります。

さらに、脆弱な SSH クライアントが、クライアントコードでのこの脆弱性を悪用する悪意のある SSH デーモンに接続することによって、不正アクセスされ、クライアントシステムを危険にさらすことがあります。

リモートホストで実行されているバージョンの SunSSH に情報漏洩脆弱性があります。SSH の仕様の設計上の欠陥により、中間攻撃者が、標準構成の SSH 保護接続から最大 32 ビットまでの平文を回収できることがあります。攻撃者はこれを悪用して、機密情報にアクセスすることがあります。

このバージョンの SunSSH はいくつかのその他の問題の影響も受けやすくなっていますが、Nessus はそれらの問題をテストしていないことに、注意してください。

您正在运行版本低于 3.1 的 OpenSSH。

低于 3.1 的版本存在被错误关闭的漏洞，这允许本地用户获得根访问权限，并且可能使远程用户能够对后台程序进行类似的破解，从而进行远程访问。

此外，存在漏洞的 SSH 客户端还可能通过连接到恶意 SSH 后台程序而被破解，其的客户端代码中利用了该漏洞，因此可以破解客户端系统。

远程主机上运行的 SunSSH 版本存在信息泄露漏洞。SSH 规范中的设计缺陷可允许中间人攻击者从标准配置的受 SSH 保护的连接中恢复多达 32 位的明文。攻击者可利用这一点获取敏感信息的访问权限。

请注意，此 SunSSH 版本也易于发生多个其他问题，但 Nessus 未对其进行测试。

The remote host is running a version of OpenSSH which is older than 3.1. Versions prior than 3.1 are vulnerable to an off by one error that allows local users to gain root access, and it may be possible for remote users to similarly compromise the daemon for remote access. In addition, a vulnerable SSH client may be compromised by connecting to a malicious SSH daemon that exploits this vulnerability in the client code, thus compromising the client system.

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner. 

The remote host is running a version of OpenSSH that is older than 3.0.1. Versions older than 3.0.1 are vulnerable to a flaw in which an attacker may authenticate, provided that Kerberos V support has been enabled (which is not the case by default).  It is also vulnerable to an excessive memory clearing bug, believed to be unexploitable.

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.

*** You may ignore this warning if this host is not using Kerberos V 

The remote host is running a version of OpenSSH older than OpenSSH 3.2.1. A buffer overflow exists in the daemon if AFS is enabled on your system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled.  Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation. Versions prior to 2.9.9 are vulnerable to a remote root exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit.

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner. 

ID	名稱	產品	系列	已發布	已更新	嚴重性
13927	Mandrake Linux Security Advisory : openssh (MDKSA-2002:019)	Nessus	Mandriva Local Security Checks	2004/7/31	2021/1/6	critical
10883	OpenSSH < 3.1 Channel Code Off by One Remote Privilege Escalation	Nessus	Gain a shell remotely	2002/3/7	2024/3/27	critical
55992	SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure	Nessus	Misc.	2011/8/29	2020/9/21	critical
55992	SunSSH < 1.1.1 / 1.3 CBC 純文字洩漏	Nessus	Misc.	2011/8/29	2020/9/21	critical
10883	OpenSSH < 3.1 チャンネルコードのオフバイワンリモート権限昇格	Nessus	Gain a shell remotely	2002/3/7	2024/3/27	critical
55992	SunSSH < 1.1.1 / 1.3 CBC の平文での漏洩	Nessus	Misc.	2011/8/29	2020/9/21	critical
10883	OpenSSH < 3.1 频道代码被远程权限升级关闭	Nessus	Gain a shell remotely	2002/3/7	2024/3/27	critical
55992	SunSSH < 1.1.1 / 1.3 CBC 明文泄露	Nessus	Misc.	2011/8/29	2020/9/21	critical
1990	OpenSSH < 3.1 Channel Code Off by One Privilege Escalation	Nessus Network Monitor	SSH	2004/8/20	2019/3/6	high
1986	OpenSSH < 3.0.1 Multiple Vulnerabilities	Nessus Network Monitor	SSH	2004/8/20	2019/3/6	high
1989	OpenSSH < 3.2.1 AFS/Kerberos Ticket/Token Passing Overflow	Nessus Network Monitor	SSH	2004/8/20	2019/3/6	high

偵測

搜尋 Plugin

critical

critical

critical

critical

critical

critical

critical

critical

high

high

high