Vulnerabilities > CVE-2000-0535

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
openssl
freebsd
nessus

Summary

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems. As a result, they produce weak keys, which may be more easily broken.

Vulnerable Configurations

Part Description Count
Application
Openssl
1
OS
Freebsd
2

Nessus

  • NASL family: Gain a shell remotely
    NASL id: OPENSSL_OVERFLOW_GENERIC_TEST.NASL
    description: The remote service seems to be using a version of OpenSSL that is older than 0.9.6e or 0.9.7-beta3. Such versions are affected by a buffer overflow that may allow an attacker to execute arbitrary commands on the remote host with the privileges of the application itself.
    last seen: 2020-03-18
    modified: 2002-08-05
    plugin id: 11060
    published: 2002-08-05
    reporter: This script is Copyright (C) 2002-2018 Solar Eclipse / Renaud Deraison
    source: https://www.tenable.com/plugins/nessus/11060
    title: OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities
    code
    #TRUSTED 0c735fb6d18b92e7dc463c39c93d50b398065651cd7c0ed318a5d1d34834031824c3a22050ca6e31fbcc01030a07f38ce398a73c4434f40cb325e945345c784571586ec7573bbad8187a83596ed8318eaf6fbe29658c28bbe29b37b708585e162f200a9dc8e3bb88b92c4ed92cc2ba1f3a809c28160e7ce5f02d05b54fe911864cb36397a0a6c7db4ce53e6c12d096326a0b0727e3f007c5b916a75245b03a0c89887f2a18c581d7a4c49d88672878280dc6da584f38fcfb32d39750cece204f7a4cdd4d8e5a18bc563660825d4db1ee613352088fdc75b46c9dade84128772db6b409a5b09ed95b3156e4175c6d66dea8e2f1aa3db4e4c723621cec8449ba4b4869188c9e4687fd548a2c19c20bfc66382490a21d71e882380baf0c6c9b33b4382c5ce2683444bf2988676a4abe4e2865c6782ef082ebcf0ad497a1cc0c9cb35128ba8c71af2eb86b143e720d1e461e6556cd4385e503f30cea015f9d8bbaf86087917e85775f1a89b32e0323aab41988798789ba048a32d1fda6103fee96f4c882cd51ed5020991e252eee40c145fcce7c754df18a8cac345a4b4d20a503ac645e70005c5f48de74f07b68ac07b51bb6d8c05de995db8b389dce0ca9e57291b3e43a0218c94628387c12c67ba32cf4beff50a54372c43eab3040569ff783cba5fbb9ed40b3996e373be2aeec209568a4832fd3fe0d490a0857f942f69a71b9
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # Thanks to Solar Eclipse <[email protected]>, who did most
    # of the work.
    #
    # Will incidentally cover CVE-2001-1141 and CVE-2000-0535
    #
    
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares its
    # metadata and leaves through the exit(0) at the end of this block, before
    # any of the network code further down is reached.
    if (description)
    {
     script_id(11060);
     script_version("1.61");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
     # CVE-2000-0535 is listed, but the synopsis and description below speak only
     # of the buffer overflow, and the header comment says that CVE is covered
     # "incidentally".
     # NOTE(review): a finding from this plugin presumably indicates an old
     # OpenSSL build rather than an observation of weak key material - confirm
     # the installed version and platform before treating it as CVE-2000-0535.
     script_cve_id(
      "CVE-2000-0535",
      "CVE-2001-1141",
      "CVE-2002-0655",
      "CVE-2002-0656",
      "CVE-2002-0657",
      "CVE-2002-0659"
     );
     script_bugtraq_id(1340, 3004, 5361, 5362, 5363, 5364, 5366);
     script_xref(name:"SuSE", value:"SUSE-SA:2002:033");
    
     script_name(english:"OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities");
     script_summary(english:"Checks for the behavior of OpenSSL");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote service uses a library that is affected by a buffer
    overflow vulnerability.");
     script_set_attribute(attribute:"description", value:
    "The remote service seems to be using a version of OpenSSL that is
    older than 0.9.6e or 0.9.7-beta3.
    
    Such versions are affected by a buffer overflow that may allow an
    attacker to execute arbitrary commands on the remote host with the
    privileges of the application itself.");
     script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL version 0.9.6e / 0.9.7beta3 or later.");
     # The base vector declared here (C:C/I:C/A:C) rates the overflow described
     # above; it is not a score for the weak-key issue.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_core", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
     script_set_attribute(attribute:"plugin_publication_date", value:"2002/08/05");
     script_set_attribute(attribute:"patch_publication_date", value:"2002/07/30");
     script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/10");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
     script_end_attributes();
    
     # ACT_MIXED_ATTACK: the runtime part consults safe_checks() and takes a
     # different path in each mode, so scan policy decides how far it goes.
     script_category(ACT_MIXED_ATTACK);
     script_copyright(english:"This script is Copyright (C) 2002-2020 Solar Eclipse / Renaud Deraison");
     script_family(english:"Gain a shell remotely");
     script_dependencies("ssl_supported_versions.nasl");
     # The runtime part also calls get_kb_item_or_exit("SSL/Supported").
     script_require_keys("SSL/Supported");
    
     exit(0);
    }
    
    include("byte_func.inc");
    include("ftp_func.inc");
    include("global_settings.inc");
    include("kerberos_func.inc");
    include("ldap_func.inc");
    include("misc_func.inc");
    include("nntp_func.inc");
    include("smtp_func.inc");
    include("ssl_funcs.inc");
    include("telnet2_func.inc");
    
    # With safe checks enabled the plugin runs only when report_paranoia is at
    # least 2; otherwise it exits here without opening a connection.
    if ( safe_checks() && report_paranoia < 2 ) exit(0);
    
    #------------------------------ Consts ----------------------#
    # First message sent on every connection made below.
    # NOTE(review): the leading bytes look like an SSLv2 record header followed
    # by a CLIENT-HELLO (type byte 0x01) - confirm against the protocol spec.
    client_hello = raw_string(
    0x80, 0x31, 0x01, 0x00,
    0x02,  0x00, 0x18,0x00,
    0x00,  0x00, 0x10,0x07,
    0x00, 0xC0, 0x05, 0x00,
    0x80, 0x03, 0x00, 0x80,
    0x01, 0x00, 0x80, 0x08,
    0x00, 0x80, 0x06, 0x00,
    0x40, 0x04, 0x00, 0x80,
    0x02, 0x00, 0x80, 0xE4,
    0xBD, 0x00, 0x00, 0xA4,
    0x41, 0xB6, 0x74, 0x71,
    0x2B, 0x27, 0x95, 0x44,
    0xC0, 0x3D, 0xC0);
    
    
    # Probe message sent once the peer has answered client_hello. It ends in
    # eight 0x41 filler bytes. The code that sends it only measures how many
    # bytes come back; it does not parse the reply.
    poison = raw_string(
    0x80,0x5a,0x2,0x7,
    0x0,0xc0,0x0,0x0,
    0x0,0x40,0x0,0x10,
    0x19,0x53,0xf,0x55,
    0x5e,0xaa,0x68,0x71,
    0x3,0x27,0x4,0x5a,
    0x1f,0x5,0xea,0x33,
    0x29,0x5b,0xb9,0x3f,
    0x7d,0x28,0xe6,0x4c,
    0xd4,0xb3,0x8e,0x36,
    0x44,0xb5,0x86,0x6c,
    0x6c,0x6,0xc1,0x5c,
    0x45,0x73,0xb8,0x11,
    0x55,0x23,0x3e,0x2a,
    0x52,0xe0,0x52,0x30,
    0xda,0xf8,0xee,0x15,
    0x79,0xe1,0x3c,0x68,
    0x36,0xd1,0x14,0x26,
    0xae,0xd4,0x30,0x2,
    0x0,0x0,0x0,0x0,
    0x4,0x0,0x0,0x0,
    0x41,0x41,0x41,0x41,
    0x41,0x41,0x41,0x41);
    
    
    # Larger variant of the probe: it appears to follow the same shape as
    # `poison` (header rows, then 0x41 filler) with a far longer filler run.
    # It is sent only when safe checks are disabled and the first probe has
    # already drawn a reply longer than 5 bytes.
    big_poison = raw_string(
    0x81, 0xca, 0x2, 0x7,
    0x0, 0xc0, 0x0, 0x0,
    0x0, 0x40, 0x1, 0x80,
    0xa4, 0x20, 0xb4, 0x44,
    0xd, 0xe, 0x7c, 0x5,
    0xc2, 0x21, 0x28, 0x4d,
    0xd3, 0xab, 0x6b, 0x72,
    0x10, 0xa3, 0x64, 0x7e,
    0x9, 0x7e, 0xe8, 0x28,
    0xe, 0x98, 0x5a, 0x5,
    0x2f, 0x32, 0xbb, 0xa,
    0x3c, 0xe0, 0x58, 0x5a,
    0xc5, 0xf1, 0x91, 0x36,
    0x1a, 0x27, 0x2c, 0x37,
    0x4b, 0xc2, 0xd2, 0x49,
    0x28, 0xc4, 0xf1, 0x76,
    0x41, 0xe5, 0xa4, 0x2d,
    0xe6, 0x9a, 0x55, 0x7e,
    0x27, 0x38, 0x89, 0x13,
    0x0, 0x0, 0x0, 0x0,
    0x4, 0x0, 0x0, 0x0,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41);
    
    
    
    #-------- The code. We need to check what happens on each port ------------#
    
    # Extra text attached to findings raised in safe-check mode, where the
    # verdict rests on the first probe alone and may be a false positive.
    moderate_report =
    "Note that since safe checks are enabled, this check might be fooled by
    non-openssl implementations and produce a false positive.
    In doubt, re-execute the scan without the safe checks";
    
    get_kb_item_or_exit("SSL/Supported");
    
    # NOTE(review): fork:TRUE presumably makes the rest of the script run once
    # per SSL port - confirm against ssl_funcs.inc.
    port = get_ssl_ports(fork:TRUE);
    if (isnull(port))
      exit(1, "The host does not appear to have any SSL-based services.");
    
    # Find out if the port is open.
    if (!get_port_state(port))
      exit(0, "Port " + port + " is not open.");
    
    # Connect to the port, issuing the StartTLS command if necessary.
    soc = open_sock_ssl(port);
    if (!soc)
      exit(1, "open_sock_ssl() returned NULL for port " + port + ".");
    
    # First probe: hello, then `poison`. No reply to the hello ends the script
    # silently (no audit message, soc not closed).
    send(socket:soc, data:client_hello);
    buf = recv(socket:soc, length:8192);
    if(!strlen(buf))exit(0);
    send(socket:soc, data:poison);
    # Only the length of the reply is used from here on: more than 5 bytes back
    # is the indicator in both modes.
    buf = recv(socket:soc, length:10);
    close(soc);
    if(safe_checks())
    {
    # Safe mode: stop after the first probe and report with the false-positive
    # caveat from moderate_report.
    if(strlen(buf) > 5)security_hole(port:port, extra: moderate_report);
    }
    else
    {
     # Non-safe mode: repeat the handshake on a fresh connection and send
     # big_poison; a finding is raised only if nothing at all comes back.
     # NOTE(review): an empty reply presumably means the peer dropped the
     # connection or the handling process died, so this path may disrupt the
     # scanned service - confirm before enabling it against production hosts.
     if(strlen(buf) > 5)
     {
      # Connect to the port, issuing the StartTLS command if necessary.
      soc = open_sock_ssl(port);
      if (!soc)
        exit(1, "open_sock_ssl() returned NULL for port " + port + ".");
    
      send(socket:soc, data:client_hello);
      buf = recv(socket:soc, length:8192);
      if(!strlen(buf))exit(0);
      # A short write means the probe was not delivered in full; give up
      # rather than draw a conclusion from a partial send.
      n = send(socket:soc, data:big_poison);
      if ( n != strlen(big_poison) ) exit(0);
    
      buf = recv(socket:soc, length:4096);
      close(soc);
      if(strlen(buf) == 0)security_hole(port);
     }
    }
    
  • NASL family: Web Servers
    NASL id: OPENSSL_0_9_5A.NASL
    description: According to its banner, the version of OpenSSL running on the remote host is less than 0.9.5a. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could lead to the generation of keys with weak cryptographic strength.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17707
    published: 2011-11-18
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17707
    title: OpenSSL < 0.9.5a /dev/random Check Failure
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares its
    # metadata and leaves through the exit(0) at the end of this block.
    if (description)
    {
      script_id(17707);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/17 12:00:07");
    
      script_cve_id("CVE-2000-0535");
      script_bugtraq_id(1340);
    
      script_name(english:"OpenSSL < 0.9.5a /dev/random Check Failure");
      script_summary(english:"Checks the version of OpenSSL");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host uses a version of OpenSSL that may have weak
    encryption keys.");
      # The text below limits the issue to FreeBSD on Alpha, but the runtime part
      # of this script looks only at the OpenSSL version in the Server header.
      # A hit on any other platform therefore says only that OpenSSL is old.
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of OpenSSL running on the remote
    host is less than 0.9.5a. On a FreeBSD system running on the Alpha
    architecture, versions earlier than that may not use the /dev/random
    and /dev/urandom devices to provide a strong source of cryptographic
    entropy, which could lead to the generation of keys with weak
    cryptographic strength.");
      script_set_attribute(attribute:"see_also", value:"http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.514");
      # https://web.archive.org/web/20000819114726/http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16bc8320");
      # The fix has two parts: upgrading alone leaves keys that were generated
      # on an affected build in place, hence the re-generation step.
      script_set_attribute(attribute:"solution", value:
    "Upgrade OpenSSL to version 0.9.5a or higher and re-generate encryption
    keys.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # NOTE(review): 2010 dates sit oddly with a CVE-2000 identifier and the
      # June 2000 mailing-list reference above; possibly typos for 2000 -
      # confirm against the advisory before relying on them.
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");
    
      # Flagged as a potential vulnerability: the verdict rests on the banner.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      # NOTE(review): singular spelling; the other two plugins on this page call
      # script_dependencies - presumably both names are accepted, confirm.
      script_dependencie("http_version.nasl");
      # The runtime part re-checks report_paranoia before doing anything.
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/www", 443);
    
      exit(0);
    }
    
    include("audit.inc");
    include("backport.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
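    # Banner-only check: it runs only when paranoid reporting is enabled.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    port = get_http_port(default:80);
    # NOTE(review): get_backport_banner() is called but `backported` is never
    # consulted here, while the OpenSSH plugin on this page exits when it is
    # set - confirm whether that difference is intended.
    banner = get_backport_banner(banner:get_http_banner(port:port));
    if (!banner) exit(1, "Unable to get the banner from web server on port "+port+".");
    
    if (!egrep(string:banner, pattern:'^Server:'))
      exit(1, "The web server on port "+port+" doesn't return a Server response header.");
    if ("OpenSSL/" >!< banner)
      exit(1, "The Server response header for the web server on port "+port+" doesn't mention OpenSSL.");
    
    # The version is whatever follows "OpenSSL/" on the Server line, up to the
    # next space. It is self-reported by the server.
    pat = "^Server:.*OpenSSL/([^ ]+)";
    # Start from NULL rather than "": isnull("") is false, so with an
    # empty-string default the "Failed to extract" exit below could never fire.
    # A banner with "OpenSSL/" outside the Server line would then fall through
    # to the final else and be logged as "not affected" with an empty version.
    version = NULL;
    
    foreach line (split(banner, sep:'\r\n', keep:FALSE))
    {
      match = eregmatch(pattern:pat, string:line);
      if (!isnull(match))
      {
        version = match[1];
        # Stop at the first hit so `line` still holds the matching header for
        # the report below.
        break;
      }
    }
    if (isnull(version)) exit(0, "Failed to extract the version of OpenSSL used by the web server on port "+port+".");
    
    # Anything less than 0.9.5a.
    # The pattern covers 0.9.0 to 0.9.4 with any suffix, and 0.9.5 with no letter
    # suffix. Versions outside the 0.9.x series are not matched by it.
    if (version =~ "^0\.9\.([0-4]|5([^a-z0-9]|$))")
    {
      if (report_verbosity > 0)
      {
        report =
          '\nOpenSSL version '+version+' appears to be running on the remote\n'+
          'host based on the following Server response header :\n\n'+
          '  '+line+'\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else exit(0, 'The web server on port ' +port+ ' uses OpenSSL '+version+', which is not affected.');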
    
  • NASL family: Misc.
    NASL id: OPENSSH_210.NASL
    description: According to its banner, the version of OpenSSH running on the remote host is less than 2.1.0. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could lead to the generation of keys with weak cryptographic strength.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17700
    published: 2011-11-18
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17700
    title: OpenSSH < 2.1.0 /dev/random Check Failure
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the script only declares its
    # metadata and leaves through the exit(0) at the end of this block.
    if (description)
    {
      script_id(17700);
      script_version("1.8");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      script_cve_id("CVE-2000-0535");
      script_bugtraq_id(1340);
    
      script_name(english:"OpenSSH < 2.1.0 /dev/random Check Failure");
      script_summary(english:"Checks the version of OpenSSH");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is running a version of SSH that may have weak
    encryption keys.");
      # The text below limits the issue to FreeBSD on Alpha, but the runtime part
      # of this script compares only the OpenSSH version taken from the banner.
      # A hit on any other platform therefore says only that OpenSSH is old.
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of OpenSSH running on the remote
    host is less than 2.1.0. On a FreeBSD system running on the Alpha
    architecture, versions earlier than that may not use the /dev/random
    and /dev/urandom devices to provide a strong source of cryptographic
    entropy, which could lead to the generation of keys with weak
    cryptographic strength.");
      script_set_attribute(attribute:"see_also", value:"http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.514");
      # https://web.archive.org/web/20000819114726/http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16bc8320");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dca3a5e9");
      # The fix has two parts: upgrading alone leaves keys that were generated
      # on an affected build in place, hence the re-generation step.
      script_set_attribute(attribute:"solution", value:
    "Upgrade OpenSSH to version 2.1.0 or higher / OpenSSL to version 0.9.5a
    or higher and re-generate encryption keys.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # NOTE(review): 2010 dates sit oddly with a CVE-2000 identifier and the
      # June 2000 mailing-list reference above; possibly typos for 2000 -
      # confirm against the advisory before relying on them.
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");
    
      # Flagged as a potential vulnerability: the verdict rests on the banner.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:openbsd:openssh");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_detect.nasl");
      # The runtime part re-checks report_paranoia before doing anything.
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/ssh");
    
      exit(0);
    }
    
    include("audit.inc");
    include("backport.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Banner-only check: it runs only when paranoid reporting is enabled.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # Resolve the SSH port (the call exits on failure), then read the banner
    # recorded for that port in the knowledge base.
    port = get_service(svc:"ssh", exit_on_fail:TRUE);
    banner = get_kb_item_or_exit("SSH/banner/"+port);
    
    # Matching is done on a lower-cased copy that has been passed through
    # get_backport_banner(); the raw banner is kept for the report.
    bp_banner = get_backport_banner(banner:banner);
    bp_banner = tolower(bp_banner);
    if ("openssh" >!< bp_banner) exit(0, "The SSH service on port "+port+" is not OpenSSH.");
    # A banner flagged as backported cannot be judged by version number alone.
    if (backported) exit(1, "The banner from the OpenSSH server on port "+port+" indicates patches may have been backported.");
    
    # Full version token as advertised, e.g. digits plus any suffix characters.
    advertised = eregmatch(string:bp_banner, pattern:"openssh[-_]([0-9][-._0-9a-z]+)");
    if (isnull(advertised)) exit(1, "Could not parse the version string in the banner from port "+port+".");
    version = advertised[1];
    
    # Leading digits-and-dots part only; this is what gets compared.
    numeric = eregmatch(string:version, pattern:"^([0-9.]+)");
    if (isnull(numeric)) exit(1, 'Failed to parse the version (' + version + ') of the service listening on port '+port+'.');
    
    fix = "2.1.0";
    # Anything that does not compare as older than the fix is logged as not
    # affected and the script stops here.
    if (ver_compare(ver:numeric[1], fix:fix, strict:FALSE) != -1)
      exit(0, "The OpenSSH version "+version+" server listening on port "+port+" is not affected.");
    
    # Older than the fix: report, with details when verbosity allows.
    if (report_verbosity > 0)
    {
      report =
        '\n  Version source    : ' + banner +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);