Article 10908 at 07/10/19 03:04:52 From: kenmarcus (at mark) precisionweb.net Subject: [coba-e:10908] ssh vulnerability question

Index: [Article Count Order] [Thread]

Date:  Thu, 18 Oct 2007 11:04:35 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:10908] ssh vulnerability question
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <091801c811b1$58c50690$6700a8c0@OfficeKen>
References:  <bb9e5a970710161411o6659e0atd46dda2d838bad62 (at mark) mail.gmail.com> <002601c8104c$ec6107c0$1e64a8c0 (at mark) nuonce.net> <bb9e5a970710171636g4a4e4564i72569ed2d8fe87db (at mark) mail.gmail.com>
X-Mail-Count: 10908


Scanalert.com is showing a vulnerability for SSH where
GssapiAuthentication is set to yes

http://www.openssh.com/txt/release-4.4
Solution : Upgrade to OpenSSH 4.4 or later.
Risk factor :  High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVE : CVE-2006-5051, CVE-2006-5052
BID : 20241, 20245
Other references : OSVDB:29264 


Is this actually a vulnerability?

(I did disable the GssapiAuthentication since I don't use it.)



----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net