Thread: OpenSSH Vulnerability Issue

  1. #1
    Join Date
    Apr 2008

    OpenSSH Vulnerability Issue

    Hello All -

    During a security scan on one of my Ubuntu 10.04 servers, a vulnerability was reported. The report mentions that it is due to the version of OpenSSH (Ver 5.3) that comes with the above Ubuntu Server. The vulnerability details are given below:

    Level: Critical

    OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.

    #1) I'm not sure if the vulnerability is applicable to the version I'm using, even though the scan has flagged it and recommended I upgrade to OpenSSH 5.9.

    #2) To test out the procedure, just in case my client insists, I did a test upgrade on one of my other servers. Below is the sequence of steps that I used; please kindly let me know if you see that I'm missing something.

    sudo cp -r ~/.ssh ~/backup/
    cd /usr/local
    sudo wget
    ./configure --with-kerberos5 --with-md5-passwords 
    (No --with-pam)
    make install

    The above sequence of steps upgraded my ssh server to 5.9. Not sure if that is all I need, or whether I have to do anything else.

    Any replies or suggestions are much appreciated.

    Last edited by sanjaymk; March 14th, 2012 at 04:18 AM.
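
Added example, not part of the original post: a POSIX shell check of whether an OpenSSH banner falls inside the range the scan report quotes (4.4 up to, but not including, 4.9). The function names and the sample banners are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare an OpenSSH banner with the affected range quoted in
# the scan report above (4.4 up to, but not including, 4.9).
# Function names and sample banners are constructed for illustration.

# Print "MAJOR MINOR" for the first OpenSSH version in a banner, e.g. the
# output of `ssh -V` or the SSH-2.0-... line a scanner reads from port 22.
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1
}

# Print "affected", "outside-range" or "unknown" for one banner.
forcecommand_range_status() {
    ver=$(parse_openssh_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    # Fold major.minor into one integer so 4.10 would sort after 4.9.
    n=$((major * 1000 + minor))
    if [ "$n" -ge 4004 ] && [ "$n" -lt 4009 ]; then
        echo affected
    else
        echo outside-range
    fi
}

# Constructed sample banners; pass real ones as arguments instead.
if [ "$#" -eq 0 ]; then
    set -- 'SSH-2.0-OpenSSH_5.3p1' 'OpenSSH_4.7p1' 'OpenSSH_4.9p1'
fi
for banner in "$@"; do
    printf '%-30s %s\n' "$banner" "$(forcecommand_range_status "$banner")"
done
```

A match on the upstream number is only a first filter: distributions backport security fixes without changing it, so an in-range result still needs checking against the distribution's security notices.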

  2. #2
    Join Date
    Mar 2012

    Re: OpenSSH Vulnerability Issue

    What did you use to run your security scan?
