Think you have a false positive on this rule?

Sid 128-1

Summary

This event is generated when an attempt is made to exploit a known vulnerability in OpenSSH.

Impact

Denial of Service. Information disclosure. Loss of integrity. Complete admin access.

Detailed Information

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

This event can be controlled using the ((ssh)) configuration options.

Affected Systems

  • OpenBSD OpenSSH 1.2.2
  • OpenBSD OpenSSH 1.2.3
  • OpenBSD OpenSSH 2.1
  • OpenBSD OpenSSH 2.1.1
  • OpenBSD OpenSSH 2.2
  • OpenBSD OpenSSH 2.3
  • OpenBSD OpenSSH 2.5
  • OpenBSD OpenSSH 2.5.1
  • OpenBSD OpenSSH 2.5.2
  • OpenBSD OpenSSH 2.9
  • OpenBSD OpenSSH 2.9.9
  • OpenBSD OpenSSH 2.9p1
  • OpenBSD OpenSSH 2.9p2
  • OpenBSD OpenSSH 3.0
  • OpenBSD OpenSSH 3.0.1
  • OpenBSD OpenSSH 3.0.1p1
  • OpenBSD OpenSSH 3.0.2
  • OpenBSD OpenSSH 3.0.2p1
  • OpenBSD OpenSSH 3.0p1
  • OpenBSD OpenSSH 3.1
  • OpenBSD OpenSSH 3.1p1
  • OpenBSD OpenSSH 3.2
  • OpenBSD OpenSSH 3.2.2p1
  • OpenBSD OpenSSH 3.2.3p1
  • OpenBSD OpenSSH 3.3
  • OpenBSD OpenSSH 3.3p1

Attack Scenarios

Ease of Attack

Simple. Exploits exist.

False Positives

None known.

False Negatives

None known.

Corrective Action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Sourcefire Vulnerability Research Team
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD

Additional References