ID CVE-2004-1653
Summary The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
References
Vulnerable Configurations
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
CVSS
Base: 6.4 (as of 31-05-2005 - 20:56)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family Misc.
    NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL
    description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 55992
    published 2011-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55992
    title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
  • NASL family Misc.
    NASL id OPENSSH_TCP_FORWARDING.NASL
    description According to its banner, the remote host is running OpenSSH, version 2.3.0 or later. Such versions of OpenSSH allow forwarding TCP connections. If the OpenSSH server is configured to allow anonymous connections (e.g. AnonCVS), remote, unauthenticated users could use the host as a proxy.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17744
    published 2011-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17744
    title OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
refmap via4
bugtraq 20040831 SSHD / AnonCVS Nastyness
osvdb 9562
sectrack 1011143
xf openssh-port-bounce(17213)
statements via4
contributor Tomas Hoger
lastmodified 2009-11-25
organization Red Hat
statement Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.
the hacker news via4
id THN:40526DA432A70837B02920D544EFE6D8
last seen 2018-01-27
modified 2016-10-14
published 2016-10-13
reporter Mohit Kumar
source https://thehackernews.com/2016/10/sshowdown-iot-security.html
title 12-Year-Old SSH Bug Exposes More than 2 Million IoT Devices
Last major update 17-10-2016 - 22:58
Published 31-08-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top