|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
OpenSSH contains a flaw that may allow a authenticated attacker to perform a port bouncing attack. The issue is triggered when the 'AllowTcpForwarding' option is enabled in the sshd_config file. This may make it possible for a malicious user to use SSH to access an anonymous service (i.e. AnonCVS) and forward connections to arbitrary ports via this vulnerable service.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Misconfiguration
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
An attacker must supply valid authentication credentials in order to exploit this vulnerability. This could be an issue for any site with a "well known" login
credentials like "anoncvs", or become a potential problem
for other no-shell type logins for ssh services.
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: change AllowTcpForwarding option to "no" in sshd_config file.
|
|
Products |
|
OpenSSH
 |
3.9 |
|
|
|
|
Credit |
- Dragos Ruiu - dr
 kyx.ne - PacSec
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
