CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.9%
The version of Attachmate Reflection for Secure IT UNIX server installed on the remote host, as reported in its SSH banner, is earlier than 7.0 SP1 and is therefore reportedly affected by several issues:
There is an inherited vulnerability in OpenSSL when parsing malformed ASN.1 structures leading to a denial of service vulnerability (CVE-2006-2937).
There is an inherited vulnerability in OpenSSL when parsing parasitic public keys leading to a denial of service vulnerability (CVE-2006-2940).
There is an inherited vulnerability in OpenSSL when performing Montgomery multiplication, leading to a side-channel attack vulnerability (CVE-2007-3108).
There is an inherited vulnerability in OpenSSH with the execution of the ~/.ssh2/rc session file (CVE-2008-1657).
There is an issue with the security of forwarded X11 connections, leading to possible hijacking (CVE-2008-1483).
There are multiple unspecified other vulnerabilities (CVE-2008-6021).
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Registration block: when 'description' is set the script only registers its
# metadata (ids, advisory text, scoring, dependencies) and then exits via
# exit(0) below, so none of the detection logic after this block runs.
if (description)
{
script_id(33948);
script_version("1.22");
# CVEs attributed to this finding; the same six ids are listed in the
# description text further down.
script_cve_id(
"CVE-2006-2937",
"CVE-2006-2940",
"CVE-2007-3108",
"CVE-2008-1483",
"CVE-2008-1657",
"CVE-2008-6021"
);
script_bugtraq_id(28444, 30723);
script_xref(name:"Secunia", value:"31531");
script_name(english:"Attachmate Reflection for Secure IT UNIX server < 7.0 SP1 Multiple Vulnerabilities");
# The summary states the actual test: a comparison of the version in the SSH
# banner against build 7.0.1.575. Nothing on the target is probed beyond that.
script_summary(english:"Checks if SSH banner < 7.0.1.575");
script_set_attribute(attribute:"synopsis", value:
"The remote SSH service is affected by multiple vulnerabilities." );
script_set_attribute(attribute:"description", value:
"The version of Attachmate Reflection for Secure IT UNIX server
installed on the remote host is less than 7.0 SP1 and thus reportedly
affected by several issues :
- There is an inherited vulnerability in OpenSSL when
parsing malformed ASN.1 structures leading to a
denial of service vulnerability (CVE-2006-2937).
- There is an inherited vulnerability in OpenSSL when
parsing parasitic public keys leading to a
denial of service vulnerability (CVE-2006-2940).
- There is an inherited vulnerability in OpenSSL when
performing Montgomery multiplication, leading to a
side-channel attack vulnerability (CVE-2007-3108).
- There is an inherited vulnerability in OpenSSH with the
execution of the ~/.ssh2/rc session file
(CVE-2008-1657).
- There is an issue with the security of forwarded X11
connections, leading to possible hijacking.
(CVE-2008-1483)
- There are multiple unspecified other vulnerabilities.
(CVE-2008-6021)" );
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?79d29f9f" );
script_set_attribute(attribute:"solution", value:
"Upgrade to Attachmate Reflection for Secure IT UNIX server 7.0 SP1." );
# Scoring: the CVSSv2 base vector is network-reachable, low complexity, no
# authentication, complete C/I/A impact. The temporal vectors (E:U, RL:OF / RL:O)
# record an unproven exploit and an official fix.
# NOTE(review): one vector is applied to six CVEs whose described impacts
# differ (denial of service, side channel, hijacking) - presumably the
# worst case; confirm before using it to prioritise.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cpe", value:"cpe:/a:attachmate:reflection_for_secure_it");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(264, 399);
script_set_attribute(attribute:"plugin_publication_date", value: "2008/08/20");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/09/28");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/12/22");
# plugin_type "remote": the result comes from what the service exposes over
# the network, not from an authenticated look at the installed package.
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2008-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Presumably these two scripts populate the KB items the detection logic reads
# ("Services/ssh", "SSH/banner/<port>" and "Host/OS") - confirm against them.
script_dependencies("ssh_detect.nasl", "os_fingerprint.nasl");
script_require_ports("Services/ssh", 22);
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
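# Detection logic: decide from the stored SSH banner whether the remote
# Attachmate Reflection for Secure IT UNIX server is older than 7.0.1.575
# (7.0 SP1) and report it if so.
#
# Limits of the check: the version is whatever the server states in its
# banner. A host whose banner has been altered or suppressed, or that carries
# vendor fixes without a version change, is not assessed correctly. Treat a
# result as a lead to confirm against the installed package.

# Don't flag Windows hosts: this plugin covers the UNIX server product only.
os = get_kb_item_or_exit("Host/OS");
if (os && "Windows" >< os) audit(AUDIT_OS_NOT, "a Unix and Unix-like OS", "Microsoft Windows");

port = get_kb_item("Services/ssh");
if (!port) port = 22;
if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);

# Check the version in the banner.
banner = get_kb_item("SSH/banner/" + port);
# This is an SSH service, so use the generic "no banner" audit message rather
# than the web-server one.
if (!banner) audit(AUDIT_NO_BANNER, port);
if ("ReflectionForSecureIT_" >!< banner) audit(AUDIT_NOT_LISTEN, "Attachmate Reflection for Secure IT UNIX server", port);

# Keep what follows the product marker, e.g. "7.0.1.575".
ver = strstr(banner, "ReflectionForSecureIT_") - "ReflectionForSecureIT_";
if (!ver) audit(AUDIT_SERVICE_VER_FAIL, "Attachmate Reflection for Secure IT UNIX server SSH", port);

arr = split(ver, sep:".", keep:FALSE);
n = max_index(arr);
for (i = 0; i < n; i++)
{
  arr[i] = int(arr[i]);
}

# A component that is present may legitimately be 0 (the "0" in 7.0.x), so
# presence is tested with the component count, not with the value's
# truthiness. Testing the value made "arr[1] && arr[1] == 0" always false, so
# no 7.0.x build was ever reported. A component that is absent from the banner
# still yields no verdict.
vuln = FALSE;

# A major of 0 is what int() returns for unparsable text; do not flag it.
if (arr[0] > 0 && arr[0] < 7) vuln = TRUE;

if (arr[0] == 7 && n > 1 && arr[1] == 0 && n > 2)
{
  # 7.0.0.x predates SP1. For 7.0.1.x the build number decides.
  if (arr[2] < 1) vuln = TRUE;
  else if (arr[2] == 1 && n > 3 && arr[3] < 575) vuln = TRUE;
}

if (vuln)
{
  if (report_verbosity)
  {
    # The banner is remote-supplied text, reproduced verbatim for the analyst.
    report = string(
      "\n",
      "The remote Attachmate Reflection for Secure IT UNIX server returned\n",
      "the following banner :\n",
      "\n",
      " ", banner, "\n"
    );
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Attachmate Reflection for Secure IT UNIX server", port, ver);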
Vendor | Product | Version | CPE |
---|---|---|---|
attachmate | reflection_for_secure_it | cpe:/a:attachmate:reflection_for_secure_it |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6021
www.nessus.org/u?79d29f9f