Lucene search

K
openvasCopyright (C) 2021 Greenbone AGOPENVAS:1361412562310150635
HistoryMay 27, 2021 - 12:00 a.m.

OpenSSH < 4.7 Improper Authentication Vulnerabilities

2021-05-2700:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
13
openssh
improper authentication
vulnerabilities
cve-2007-2243
cve-2007-2768
remote banner unreliable
vendorfix
s/key authentication
information disclosure
opie
one-time passwords
openssh version 4.6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.7%

OpenSSH is prone to multiple improper authentication
vulnerabilities.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:openbsd:openssh";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.150635");
  script_version("2023-06-27T05:05:30+0000");
  script_tag(name:"last_modification", value:"2023-06-27 05:05:30 +0000 (Tue, 27 Jun 2023)");
  script_tag(name:"creation_date", value:"2021-05-27 14:42:43 +0000 (Thu, 27 May 2021)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_cve_id("CVE-2007-2243", "CVE-2007-2768");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("OpenSSH < 4.7 Improper Authentication Vulnerabilities");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("General");
  script_dependencies("gb_openssh_consolidation.nasl");
  script_mandatory_keys("openssh/detected");

  script_tag(name:"summary", value:"OpenSSH is prone to multiple improper authentication
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"- CVE-2007-2243: OpenSSH, when configured to use S/KEY
  authentication, is prone to a remote information disclosure weakness. The issue occurs due to the
  S/KEY challenge/response system being used for valid accounts. If a remote attacker systematically
  attempts authentication against a list of usernames, he can watch the response to determine which
  accounts are valid.

  If 'ChallengeResponseAuthentication' is set to 'Yes', which is the default setting, OpenSSH allows
  the user to login by using S/KEY in the form of 'ssh userid:skey at hostname'.

  - CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows
  remote attackers to determine the existence of certain user accounts, which displays a different
  response if the user account exists and is configured to use one-time passwords (OTP), a similar
  issue to CVE-2007-2243.");

  script_tag(name:"affected", value:"OpenSSH version 4.6 and prior.");

  script_tag(name:"solution", value:"Update to version 4.7 or later.");

  script_xref(name:"URL", value:"https://cxsecurity.com/issue/WLB-2007040138");
  script_xref(name:"URL", value:"https://web.archive.org/web/20131127034915/http://archives.neohapsis.com:80/archives/fulldisclosure/2007-04/0590.html");
  script_xref(name:"URL", value:"https://web.archive.org/web/20140831195656/http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

vers = infos["version"];
path = infos["location"];

if( version_is_less_equal(version:vers, test_version:"4.6" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"4.7", install_path:path );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.007

Percentile

80.7%