Rapid7 Vulnerability & Exploit Database

AIX OpenSSH multiple vulnerabilities -AIX 5.2

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/10/2010
Created: 07/25/2018
Added: 09/05/2014
Modified: 10/05/2015

Description

X11 man-in-the-middle attack: When attempting to bind(2) to a port that has previously been bound with SO_REUSEADDR set, most operating systems check that either the effective user-id matches the previous bind (common on BSD-derived systems) or that the bind addresses do not overlap. When the sshd_config(5) option X11UseLocalhost has been set to "no", an attacker may establish a more-specific bind, which will be used in preference to sshd's wildcard listener.

Plaintext Recovery Attack Against SSH: If exploited, this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration. If OpenSSH is used in the standard configuration, then the attacker's success probability for recovering 32 bits of plaintext is 2^{-18}. A variant of the attack against OpenSSH in the standard configuration can verifiably recover 14 bits of plaintext with probability 2^{-14}. The success probability of the attack for other implementations of SSH is not known.

Please see the following for more information:

  • http://www.openssh.com/txt/release-5.1
  • http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
  • http://www.openssh.org/txt/cbc.adv
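A configuration check for the two conditions described above, as an added example that is not part of the original entry or of OpenSSH: it flags X11UseLocalhost set to "no" (globally or inside a Match block) and any CBC-mode cipher named on a Ciphers line, CBC being the mode the linked cbc.adv advisory concerns. The function names, the finding messages and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Rapid7 or OpenSSH code): flag the sshd_config settings
# this entry depends on. Prints one line per finding, nothing if clean.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    awk -v scope="global" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {   sub(/^[ \t]+/, "")                       # indentation inside Match blocks
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ")         # parser also accepts key=value
            k = tolower($1); v = $2 }                # keywords are case-insensitive
        k == "match" {                               # later settings apply per match
            scope = "Match block at line " NR; seen_x11 = 0; next }
        k == "x11uselocalhost" && !seen_x11 {
            seen_x11 = 1                             # first value in a scope wins
            if (tolower(v) == "no")
                print "X11UseLocalhost no (" scope "): forwarding listener binds the wildcard address"
        }
        k == "ciphers" && !seen_ciphers {
            seen_ciphers = 1
            n = split(v, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc(@|$)/) print "CBC cipher enabled: " c[i]
        }
    ' "$1"
}

# Constructed sample configuration, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Port 22
X11Forwarding yes
x11uselocalhost=no
X11UseLocalhost yes
Ciphers aes128-ctr,aes128-cbc,3des-cbc
Match User builder
    X11UseLocalhost no
EOF
}

cfg=$(mktemp); write_sample "$cfg"; audit_sshd_config "$cfg"; rm -f "$cfg"
```

To check a host, call `audit_sshd_config` on the server's sshd_config. A configuration with no Ciphers line uses the build's default cipher list, which this check does not inspect.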

Solution(s)

  • aix-5.2-openssh_advisory
