Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

OpenSSH AFS/Kerberos ticket/token passing

Information

Severity

Severity

High

Family

Family

Gain a shell remotely

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

3 years ago

Summary

The remote host is running a version of OpenSSH older than 3.2.1 which is prone to a buffer overflow vulnerability.

Insight

Insight

A buffer overflow exists in the daemon if AFS is enabled on the remote system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation.

Affected Software

Affected Software

Versions prior to 2.9.9 are vulnerable to a remote root exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit.

Solution

Solution

Upgrade to the latest version of OpenSSH

Common Vulnerabilities and Exposures (CVE)