[Touch-packages] [Bug 1929758] Re: OpenSSH vulnerabilities

Fri, 28 May 2021 13:05:46 -0700 

Great, thanks Ian.

** Package changed: ubuntu => openssh (Ubuntu)

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Invalid

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1929758

Title:
  OpenSSH vulnerabilities

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Hi,

  I was using NMAP to scan my Ubuntu server and it listed some
  vulnerabilities in OpenSSH. It also came up with exploits against
  these vulnerabilities.

  On my home network, I have several computers that I use for various
  purposes; a Ubuntu 20.04 LTS computer and Kali Linux computer being
  the subject for this email. I wanted to test if I had any security
  issues on my Ubuntu computer so I was doing some scans on it from my
  Kali computer. I did a scan with NMAP and it produced some
  vulnerabilities in OpenSSH and what exploits to use. Here is some info
  on my computers and the NMAP command that I used:

  ~$ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 20.04.2 LTS
  Release:      20.04
  Codename:     focal

  ─$ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Kali
  Description:  Kali GNU/Linux Rolling
  Release:      2021.1
  Codename:     kali-rolling

  ~$ ssh -V
  OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020

  ~$ apt-cache policy ssh
  ssh:
    Installed: (none)
    Candidate: 1:8.2p1-4ubuntu0.2
    Version table:
       1:8.2p1-4ubuntu0.2 500
          500 http://ca.archive.ubuntu.com/ubuntu focal-updates/main amd64 
Packages
          500 http://ca.archive.ubuntu.com/ubuntu focal-security/main amd64 
Packages
       1:8.2p1-4 500
          500 http://ca.archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  ─$ sudo nmap -sV --script vuln 192.168.0.10
  Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-26 17:26 PDT
  Pre-scan script results:
  | broadcast-avahi-dos: 
  |   Discovered hosts:
  |     224.0.0.251
  |   After NULL UDP avahi packet DoS (CVE-2011-1002).
  |_  Hosts are all up (not vulnerable).
  Nmap scan report for 192.168.0.10
  Host is up (0.00017s latency).
  Not shown: 995 filtered ports
  PORT    STATE  SERVICE  VERSION
  20/tcp  closed ftp-data
  21/tcp  closed ftp
  22/tcp  open   ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; 
protocol 2.0)
  | vulners: 
  |   cpe:/a:openbsd:openssh:8.2p1: 
  |             EDB-ID:21018    10.0    
https://vulners.com/exploitdb/EDB-ID:21018      *EXPLOIT*
  |             CVE-2001-0554   10.0    https://vulners.com/cve/CVE-2001-0554
  |             CVE-2020-15778  6.8     https://vulners.com/cve/CVE-2020-15778
  |             CVE-2020-12062  5.0     https://vulners.com/cve/CVE-2020-12062
  |             CVE-2021-28041  4.6     https://vulners.com/cve/CVE-2021-28041
  |             MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/     4.3     
https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/      
*EXPLOIT*
  |             MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/      4.3     
https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/
       *EXPLOIT*
  |             MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/      4.3     
https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/
       *EXPLOIT*
  |             MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/      4.3     
https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/
       *EXPLOIT*
  |             MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/   4.3     
https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/    
*EXPLOIT*
  |             CVE-2020-14145  4.3     https://vulners.com/cve/CVE-2020-14145
  |_            MSF:AUXILIARY/SCANNER/SSH/FORTINET_BACKDOOR/    0.0     
https://vulners.com/metasploit/MSF:AUXILIARY/SCANNER/SSH/FORTINET_BACKDOOR/     
*EXPLOIT*
  80/tcp  open   http     Apache httpd
  |_http-csrf: Couldn't find any CSRF vulnerabilities.
  |_http-dombased-xss: Couldn't find any DOM based XSS.
  |_http-server-header: Apache
  |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  443/tcp open   ssl/http Apache httpd
  |_http-csrf: Couldn't find any CSRF vulnerabilities.
  |_http-dombased-xss: Couldn't find any DOM based XSS.
  |_http-server-header: Apache
  |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  |_sslv2-drown: 
  MAC Address: 00:15:C5:F6:5D:94 (Dell)
  Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

  Service detection performed. Please report any incorrect results at 
https://nmap.org/submit/ .
  Nmap done: 1 IP address (1 host up) scanned in 80.86 seconds

  Thanks,
  Ian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1929758/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to