Re: [Openvas-discuss] FP: OpenSSH 'auth_password' Denial of Service Vulnerability

Sun, 02 Oct 2016 06:19:50 -0700 

On 10/02/2016 02:55 PM, Reindl Harald wrote:
> Am 02.10.2016 um 13:20 schrieb Christian Fischer:
>> On 10/02/2016 01:02 PM, Reindl Harald wrote:
>>> besides that i doubt on a server responding with "Permission denied
>>> (publickey)" (means: no password auth) "The flaw exists due to the
>>> auth_password function in 'auth-passwd.c' script does not limit password
>>> lengths for password authentication" can be triggered
>>
>> the linux NVT has a QoD of 30% which means it is not shown by default
>> unless you're configure your filter to show results from NVTs prone to
>> false positives.
> 
> well, why is the Windows NVT shown at all on Fedora machines :-)
> 
> NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows)
> (OID: 1.3.6.1.4.1.25623.1.0.809121)
> 
> Vulnerability Detection Result
> Best matching OS:
> cpe:/o:linux:kernel
> Found by NVT 1.3.6.1.4.1.25623.1.0.102002 (Detects remote operating
> system version)
> Other OS detections (in order of reliability):
> OS: cpe:/o:microsoft:windows found by 1.3.6.1.4.1.25623.1.0.102002
> (Detects remote operati?
> ng system version)
> 

Outsch, have missed the "(Windows)" in your initial mail (yeah, its
Sunday :-)).

Strange that the OS is correctly detected as Linux but the:

## exit, if its not Windows
if(host_runs("Windows") != "yes") exit(0);

doesn't kick in. Will have a look at this at Tuesday, thanks for the notice.

>> Besides that you can configure your sshd_conf to contain something like:
>>
>> *snip*
>> PasswordAuthentication no
>>
>> Match User foo
>>         PasswordAuthentication yes
>>
>> *snip*
>>
>> which means that your server would be still vulnerable even if the
>> initial connection from OpenVAS has identified "Permission denied
>> (publickey)".
>>
>> Nothing to be done here from my PoV.
>> Regards


-- 

Christian Fischer | Greenbone Networks GmbH | http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to