topic Re: SSH vulnerability detected, please verify. in Firewall and Security Management

SSH vulnerability detected, please verify.

Vladimir — Sat, 03 Feb 2018 20:01:27 GMT

I've been using Nmap vulners plugin for the past months and it seem to be pretty accurate, so I am a bit concerned with the results of today's scan of my lab network:

Nessus sees mostly nuisance vulnerabilities and does not complain about CVE-2006-5051:

The rating of 9.3 is listed here: NVD - CVE-2006-5051 it was modified on 10/10/2017.

Re: SSH vulnerability detected, please verify.

PhoneBoy — Sat, 03 Feb 2018 20:20:31 GMT

The problem with most vulnerability scanners is they just say "On, you're running OpenSSH 4.3" and therefore must be vulnerable to this laundry list of CVEs without actually checking if it's a real issue or not.

Even though we're still running OpenSSH 4.3, we've patched the issue.

Refer to: Check Point response to OpenSSH vulnerabilities: CVE-2006-5051 and CVE-2006-4924

Re: SSH vulnerability detected, please verify.

Vladimir — Sat, 03 Feb 2018 20:24:00 GMT

Last update on CP in the link you have included is from 15-May-2014. The reclassification happen on 10/10/2017.

Re: SSH vulnerability detected, please verify.

Vladimir — Sat, 03 Feb 2018 20:25:31 GMT

That being said, the statement is still valid, maybe SK date should simply be updated.

Re: SSH vulnerability detected, please verify.

PhoneBoy — Sat, 03 Feb 2018 20:34:44 GMT

NVD may have changed the classification for the problem in October 2017, but the underlying issue (and fix) is the same as it was back in 2006 when the issue was first discovered.

Thus there's nothing to update in the SK.

Re: SSH vulnerability detected, please verify.

Vladimir — Sat, 03 Feb 2018 20:36:49 GMT

Very well. Can you delete this post?

Re: SSH vulnerability detected, please verify.

PhoneBoy — Sat, 03 Feb 2018 23:58:41 GMT

Don't see a reason to delete it as the general topic is bound to come up again.

It sure did in the days I worked in the TAC