Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
low complexity
ssh
nessus
exploit available
Published: 2001-06-27
Updated: 2008-09-05
Summary
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
Vulnerable Configurations
| Part | Description | Count |
| Application | Ssh | 31 |
Exploit-Db
| description | SSH 1.2.30 Daemon Logging Failure Vulnerability. CVE-2001-0471. Remote exploit for unix platform |
| id | EDB-ID:20615 |
| last seen | 2016-02-02 |
| modified | 2001-02-05 |
| published | 2001-02-05 |
| reporter | Jose Nazario |
| source | https://www.exploit-db.com/download/20615/ |
| title | SSH 1.2.30 Daemon Logging Failure Vulnerability |
Nessus
| NASL family | Gain a shell remotely |
| NASL id | SSH_BRUTEFORCE.NASL |
| description | The remote host is running SSH Communications Security SSH 1.2.30 or older. The remote version of this software does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute-force attack. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11341 |
| published | 2003-03-10 |
| reporter | This script is Copyright (C) 2003-2018 Xue Yong Zhi |
| source | https://www.tenable.com/plugins/nessus/11341 |
| title | SSH1 SSH Daemon Logging Failure |
| code | #
# This script was written by Xue Yong Zhi<[email protected]>
#
# See the Nessus Scripts License for details
#
# Changes by Tenable
# - Updated to use compat.inc (11/20/2009)
include("compat.inc");
if(description)
{
script_id(11341);
script_version ("1.16");
script_cve_id("CVE-2001-0471");
script_bugtraq_id(2345);
name["english"] = "SSH1 SSH Daemon Logging Failure";
script_name(english:name["english"]);
script_set_attribute(attribute:"synopsis", value:
"The remote SSH server does not properly log repeated logins attempts." );
script_set_attribute(attribute:"description", value:
"The remote host is running SSH Communications Security SSH 1.2.30 or
older.
The remote version of this software does not log repeated login
attempts, which could allow remote attackers to compromise accounts
without detection via a brute-force attack." );
#https://web.archive.org/web/20010311131915/http://archives.neohapsis.com/archives/bugtraq/2001-02/0084.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc4157ec" );
script_set_attribute(attribute:"solution", value:
"Upgrade the remote SSH server to the newest version available from
SSH.com" );
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/10");
script_set_attribute(attribute:"vuln_publication_date", value: "2001/02/05");
script_cvs_date("Date: 2018/07/30 15:31:32");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
summary["english"] = "Checks for the remote SSH version";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2018 Xue Yong Zhi");
family["english"] = "Gain a shell remotely";
script_family(english:family["english"]);
script_dependencie("ssh_detect.nasl");
script_require_ports("Services/ssh", 22);
exit(0);
}
#
# The script code starts here
#
include("backport.inc");
port = get_kb_item("Services/ssh");
if(!port)port = 22;
banner = get_kb_item("SSH/banner/" + port );
if ( ! banner ) exit(0);
banner = get_backport_banner(banner:banner);
if ( "openssh" >< tolower(banner) ) exit(0);
#Looking for SSH product version number from 1.0 to 1.2.30
if(ereg(string:banner,
pattern:"^SSH-[0-9]\.[0-9]+-1\.([0-1]|[0-1]\..*|2\.([0-9]|1[0-9]|2[0-9]|30))[^0-9]*$", icase:TRUE))security_hole(port);
|