Vulnerabilities > CVE-2000-0535

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
openssl
freebsd
nessus
NVD
Published: 2000-06-12
Updated: 2008-09-10

Summary

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

Vulnerable Configurations

Part Description Count
Application
Openssl
1
OS
Freebsd
2

Nessus

  • NASL familyGain a shell remotely
    NASL idOPENSSL_OVERFLOW_GENERIC_TEST.NASL
    descriptionThe remote service seems to be using a version of OpenSSL that is older than 0.9.6e or 0.9.7-beta3. Such versions are affected by a buffer overflow that may allow an attacker to execute arbitrary commands on the remote host with the privileges of the application itself.
    last seen2020-03-18
    modified2002-08-05
    plugin id11060
    published2002-08-05
    reporterThis script is Copyright (C) 2002-2018 Solar Eclipse / Renaud Deraison
    sourcehttps://www.tenable.com/plugins/nessus/11060
    titleOpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities
    code
    #TRUSTED 0c735fb6d18b92e7dc463c39c93d50b398065651cd7c0ed318a5d1d34834031824c3a22050ca6e31fbcc01030a07f38ce398a73c4434f40cb325e945345c784571586ec7573bbad8187a83596ed8318eaf6fbe29658c28bbe29b37b708585e162f200a9dc8e3bb88b92c4ed92cc2ba1f3a809c28160e7ce5f02d05b54fe911864cb36397a0a6c7db4ce53e6c12d096326a0b0727e3f007c5b916a75245b03a0c89887f2a18c581d7a4c49d88672878280dc6da584f38fcfb32d39750cece204f7a4cdd4d8e5a18bc563660825d4db1ee613352088fdc75b46c9dade84128772db6b409a5b09ed95b3156e4175c6d66dea8e2f1aa3db4e4c723621cec8449ba4b4869188c9e4687fd548a2c19c20bfc66382490a21d71e882380baf0c6c9b33b4382c5ce2683444bf2988676a4abe4e2865c6782ef082ebcf0ad497a1cc0c9cb35128ba8c71af2eb86b143e720d1e461e6556cd4385e503f30cea015f9d8bbaf86087917e85775f1a89b32e0323aab41988798789ba048a32d1fda6103fee96f4c882cd51ed5020991e252eee40c145fcce7c754df18a8cac345a4b4d20a503ac645e70005c5f48de74f07b68ac07b51bb6d8c05de995db8b389dce0ca9e57291b3e43a0218c94628387c12c67ba32cf4beff50a54372c43eab3040569ff783cba5fbb9ed40b3996e373be2aeec209568a4832fd3fe0d490a0857f942f69a71b9
#
# (C) Tenable Network Security, Inc.
#

# Thanks to Solar Eclipse <[email protected]>, who did most
# of the work.
#
# Will incidentally cover CVE-2001-1141 and CVE-2000-0535
#


include("compat.inc");

if (description)
{
 script_id(11060);
 script_version("1.61");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

 script_cve_id(
  "CVE-2000-0535",
  "CVE-2001-1141",
  "CVE-2002-0655",
  "CVE-2002-0656",
  "CVE-2002-0657",
  "CVE-2002-0659"
 );
 script_bugtraq_id(1340, 3004, 5361, 5362, 5363, 5364, 5366);
 script_xref(name:"SuSE", value:"SUSE-SA:2002:033");

 script_name(english:"OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities");
 script_summary(english:"Checks for the behavior of OpenSSL");

 script_set_attribute(attribute:"synopsis", value:
"The remote service uses a library that is affected by a buffer
overflow vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote service seems to be using a version of OpenSSL that is
older than 0.9.6e or 0.9.7-beta3.

Such versions are affected by a buffer overflow that may allow an
attacker to execute arbitrary commands on the remote host with the
privileges of the application itself.");
 script_set_attribute(attribute:"solution", value:"Upgrade to OpenSSL version 0.9.6e / 0.9.7beta3 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"plugin_publication_date", value:"2002/08/05");
 script_set_attribute(attribute:"patch_publication_date", value:"2002/07/30");
 script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/10");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
 script_end_attributes();

 script_category(ACT_MIXED_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2002-2020 Solar Eclipse / Renaud Deraison");
 script_family(english:"Gain a shell remotely");
 script_dependencies("ssl_supported_versions.nasl");
 script_require_keys("SSL/Supported");

 exit(0);
}

include("byte_func.inc");
include("ftp_func.inc");
include("global_settings.inc");
include("kerberos_func.inc");
include("ldap_func.inc");
include("misc_func.inc");
include("nntp_func.inc");
include("smtp_func.inc");
include("ssl_funcs.inc");
include("telnet2_func.inc");

if ( safe_checks() && report_paranoia < 2 ) exit(0);

#------------------------------ Consts ----------------------#
client_hello = raw_string(
0x80, 0x31, 0x01, 0x00,
0x02,  0x00, 0x18,0x00,
0x00,  0x00, 0x10,0x07,
0x00, 0xC0, 0x05, 0x00,
0x80, 0x03, 0x00, 0x80,
0x01, 0x00, 0x80, 0x08,
0x00, 0x80, 0x06, 0x00,
0x40, 0x04, 0x00, 0x80,
0x02, 0x00, 0x80, 0xE4,
0xBD, 0x00, 0x00, 0xA4,
0x41, 0xB6, 0x74, 0x71,
0x2B, 0x27, 0x95, 0x44,
0xC0, 0x3D, 0xC0);


poison = raw_string(
0x80,0x5a,0x2,0x7,
0x0,0xc0,0x0,0x0,
0x0,0x40,0x0,0x10,
0x19,0x53,0xf,0x55,
0x5e,0xaa,0x68,0x71,
0x3,0x27,0x4,0x5a,
0x1f,0x5,0xea,0x33,
0x29,0x5b,0xb9,0x3f,
0x7d,0x28,0xe6,0x4c,
0xd4,0xb3,0x8e,0x36,
0x44,0xb5,0x86,0x6c,
0x6c,0x6,0xc1,0x5c,
0x45,0x73,0xb8,0x11,
0x55,0x23,0x3e,0x2a,
0x52,0xe0,0x52,0x30,
0xda,0xf8,0xee,0x15,
0x79,0xe1,0x3c,0x68,
0x36,0xd1,0x14,0x26,
0xae,0xd4,0x30,0x2,
0x0,0x0,0x0,0x0,
0x4,0x0,0x0,0x0,
0x41,0x41,0x41,0x41,
0x41,0x41,0x41,0x41);


big_poison = raw_string(
0x81, 0xca, 0x2, 0x7,
0x0, 0xc0, 0x0, 0x0,
0x0, 0x40, 0x1, 0x80,
0xa4, 0x20, 0xb4, 0x44,
0xd, 0xe, 0x7c, 0x5,
0xc2, 0x21, 0x28, 0x4d,
0xd3, 0xab, 0x6b, 0x72,
0x10, 0xa3, 0x64, 0x7e,
0x9, 0x7e, 0xe8, 0x28,
0xe, 0x98, 0x5a, 0x5,
0x2f, 0x32, 0xbb, 0xa,
0x3c, 0xe0, 0x58, 0x5a,
0xc5, 0xf1, 0x91, 0x36,
0x1a, 0x27, 0x2c, 0x37,
0x4b, 0xc2, 0xd2, 0x49,
0x28, 0xc4, 0xf1, 0x76,
0x41, 0xe5, 0xa4, 0x2d,
0xe6, 0x9a, 0x55, 0x7e,
0x27, 0x38, 0x89, 0x13,
0x0, 0x0, 0x0, 0x0,
0x4, 0x0, 0x0, 0x0,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41);



#-------- The code. We need the check what happens on each port ------------#

moderate_report =
"Note that since safe checks are enabled, this check might be fooled by
non-openssl implementations and produce a false positive.
In doubt, re-execute the scan without the safe checks";

get_kb_item_or_exit("SSL/Supported");

port = get_ssl_ports(fork:TRUE);
if (isnull(port))
  exit(1, "The host does not appear to have any SSL-based services.");

# Find out if the port is open.
if (!get_port_state(port))
  exit(0, "Port " + port + " is not open.");

# Connect to the port, issuing the StartTLS command if necessary.
soc = open_sock_ssl(port);
if (!soc)
  exit(1, "open_sock_ssl() returned NULL for port " + port + ".");

send(socket:soc, data:client_hello);
buf = recv(socket:soc, length:8192);
if(!strlen(buf))exit(0);
send(socket:soc, data:poison);
buf = recv(socket:soc, length:10);
close(soc);
if(safe_checks())
{
if(strlen(buf) > 5)security_hole(port:port, extra: moderate_report);
}
else
{
 if(strlen(buf) > 5)
 {
  # Connect to the port, issuing the StartTLS command if necessary.
  soc = open_sock_ssl(port);
  if (!soc)
    exit(1, "open_sock_ssl() returned NULL for port " + port + ".");

  send(socket:soc, data:client_hello);
  buf = recv(socket:soc, length:8192);
  if(!strlen(buf))exit(0);
  n = send(socket:soc, data:big_poison);
  if ( n != strlen(big_poison) ) exit(0);

  buf = recv(socket:soc, length:4096);
  close(soc);
  if(strlen(buf) == 0)security_hole(port);
 }
}
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_5A.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is less than 0.9.5a. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could lead to the generation of keys with weak cryptographic strength.
    last seen2020-06-01
    modified2020-06-02
    plugin id17707
    published2011-11-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17707
    titleOpenSSL < 0.9.5a /dev/random Check Failure
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17707);
  script_version("1.7");
  script_cvs_date("Date: 2018/07/17 12:00:07");

  script_cve_id("CVE-2000-0535");
  script_bugtraq_id(1340);

  script_name(english:"OpenSSL < 0.9.5a /dev/random Check Failure");
  script_summary(english:"Checks the version of OpenSSL");

  script_set_attribute(attribute:"synopsis", value:
"The remote host uses a version of OpenSSL that may have weak
encryption keys.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of OpenSSL running on the remote
host is less than 0.9.5a. On a FreeBSD system running on the Alpha
architecture, versions earlier than that may not use the /dev/random
and /dev/urandom devices to provide a strong source of cryptographic
entropy, which could lead to the generation of keys with weak
cryptographic strength.");
  script_set_attribute(attribute:"see_also", value:"http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.514");
  # https://web.archive.org/web/20000819114726/http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16bc8320");
  script_set_attribute(attribute:"solution", value:
"Upgrade OpenSSL to version 0.9.5a or higher and re-generate encryption
keys.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencie("http_version.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 443);

  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);
banner = get_backport_banner(banner:get_http_banner(port:port));
if (!banner) exit(1, "Unable to get the banner from web server on port "+port+".");

if (!egrep(string:banner, pattern:'^Server:'))
  exit(1, "The web server on port "+port+" doesn't return a Server response header.");
if ("OpenSSL/" >!< banner)
  exit(1, "The Server response header for the web server on port "+port+" doesn't mention OpenSSL.");

pat = "^Server:.*OpenSSL/([^ ]+)";
version = "";

foreach line (split(banner, sep:'\r\n', keep:FALSE))
{
  match = eregmatch(pattern:pat, string:line);
  if (!isnull(match))
  {
    version = match[1];
    break;
  }
}
if (isnull(version)) exit(0, "Failed to extract the version of OpenSSL used by the web server on port "+port+".");

# Anything less than 0.9.5a.
if (version =~ "^0\.9\.([0-4]|5([^a-z0-9]|$))")
{
  if (report_verbosity > 0)
  {
    report =
      '\nOpenSSL version '+version+' appears to be running on the remote\n'+
      'host based on the following Server response header :\n\n'+
      '  '+line+'\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else exit(0, 'The web server on port ' +port+ ' uses OpenSSL '+version+', which is not affected.');
  • NASL familyMisc.
    NASL idOPENSSH_210.NASL
    descriptionAccording to its banner, the version of OpenSSH running on the remote host is less than 2.1.0. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could lead to the generation of keys with weak cryptographic strength.
    last seen2020-06-01
    modified2020-06-02
    plugin id17700
    published2011-11-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17700
    titleOpenSSH < 2.1.0 /dev/random Check Failure
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(17700);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:23");

  script_cve_id("CVE-2000-0535");
  script_bugtraq_id(1340);

  script_name(english:"OpenSSH < 2.1.0 /dev/random Check Failure");
  script_summary(english:"Checks the version of OpenSSH");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is running a version of SSH that may have weak
encryption keys.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of OpenSSH running on the remote
host is less than 2.1.0. On a FreeBSD system running on the Alpha
architecture, versions earlier than that may not use the /dev/random
and /dev/urandom devices to provide a strong source of cryptographic
entropy, which could lead to the generation of keys with weak
cryptographic strength.");
  script_set_attribute(attribute:"see_also", value:"http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.514");
  # https://web.archive.org/web/20000819114726/http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16bc8320");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dca3a5e9");
  script_set_attribute(attribute:"solution", value:
"Upgrade OpenSSH to version 2.1.0 or higher / OpenSSL to version 0.9.5a
or higher and re-generate encryption keys.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openbsd:openssh");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_detect.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/ssh");

  exit(0);
}

include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Ensure the port is open.
port = get_service(svc:"ssh", exit_on_fail:TRUE);

# Get banner for service.
banner = get_kb_item_or_exit("SSH/banner/"+port);

bp_banner = tolower(get_backport_banner(banner:banner));
if ("openssh" >!< bp_banner) exit(0, "The SSH service on port "+port+" is not OpenSSH.");
if (backported) exit(1, "The banner from the OpenSSH server on port "+port+" indicates patches may have been backported.");

# Check the version in the backported banner.
match = eregmatch(string:bp_banner, pattern:"openssh[-_]([0-9][-._0-9a-z]+)");
if (isnull(match)) exit(1, "Could not parse the version string in the banner from port "+port+".");
version = match[1];

match = eregmatch(string:version, pattern:"^([0-9.]+)");
if (isnull(match)) exit(1, 'Failed to parse the version (' + version + ') of the service listening on port '+port+'.');

fix = "2.1.0";
if (ver_compare(ver:match[1], fix:fix, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + banner +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else exit(0, "The OpenSSH version "+version+" server listening on port "+port+" is not affected.");

References