OpenSSH AFS/Kerberos ticket/token passing

Published: 2005-11-03 13:08:04
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Recommendations:
Upgrade to the latest version of OpenSSH

Summary:
The remote host is running a version of OpenSSH older than 3.2.1 which is prone to a buffer overflow vulnerability.

Technical Details:
A buffer overflow exists in the daemon if AFS is enabled on the remote system, or if the options KerberosTgtPassing or AFSTokenPassing are enabled. Even in this scenario, the vulnerability may be avoided by enabling UsePrivilegeSeparation.

Affected Versions:
Versions prior to 2.9.9 are vulnerable to a remote root exploit. Versions prior to 3.2.1 are vulnerable to a local root exploit.
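The conditions above can be checked together on a host you administer. The following is an added example, not code from the scanner or from OpenSSH: it combines the version thresholds with the three sshd_config options named on this page. The function names, verdict strings and sample inputs are constructed for illustration, and a banner alone stays an unreliable signal because vendors backport fixes.

```python
import re

FIXED = (3, 2, 1)         # page: versions prior to 3.2.1 are affected
REMOTE_BELOW = (2, 9, 9)  # page: versions prior to 2.9.9 are remotely exploitable
OPTIONS = ("kerberostgtpassing", "afstokenpassing", "useprivilegeseparation")

def parse_version(banner):
    """Extract the numeric OpenSSH version from a banner or version string."""
    m = re.search(r"OpenSSH_(\d+(?:\.\d+)*)", banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def parse_options(config_text):
    """Return the explicit value of each relevant option (None if unset).
    sshd keeps the first value it reads; keywords are case-insensitive."""
    found = dict.fromkeys(OPTIONS)
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ").split()
        if len(parts) >= 2:
            key = parts[0].lower()
            if key in found and found[key] is None:
                found[key] = parts[1].lower()
    return found

def assess(banner, config_text):
    """Classify a host from its version string and sshd_config contents."""
    version = parse_version(banner)
    if version is None:
        return "unknown: no OpenSSH version found"
    if version >= FIXED:
        return "not affected: version is 3.2.1 or later"
    opts = parse_options(config_text)
    scope = "remote" if version < REMOTE_BELOW else "local"
    if opts["useprivilegeseparation"] == "yes":
        return f"mitigated: affected version ({scope}), UsePrivilegeSeparation enabled"
    if "yes" in (opts["kerberostgtpassing"], opts["afstokenpassing"]):
        return f"exposed: affected version ({scope}), ticket/token passing enabled"
    # Build-time AFS support and unset defaults are not visible in the config file.
    return f"review: affected version ({scope}), check AFS support and defaults"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_cfg = "Port 22\nKerberosTgtPassing yes\nUsePrivilegeSeparation no\n"
    print(assess("SSH-1.99-OpenSSH_3.0.2p1", sample_cfg))
```

A "review" verdict means the configuration file alone cannot settle the question, since AFS support is decided when sshd is built.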

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2002-0575

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/4560

Severity:
High

CVSS Score:
7.5
