Hi folks,
When running a Foundstone scan against an appliance with
SSH-1.99-OpenSSH_3.8p1, it flags the following as a high risk
vulnerability:
-------------------------
CVE: CAN-2000-0999
Name: SSH BSD Format String Root Buffer Overflow Vulnerability
Description: A format string vulnerability in SSH may allow remote root
access.
Observation:
The Secure Shell (sshd) daemon, used for remote administration on the
identified BSD system contains multiple printf format string
vulnerabilities. This allows local attackers to execute arbitrary code
and thereby escalate privileges to root level.
--------------------------
Since this vulnerability is so old, and a patch for it has been known to
exist for almost as long
(ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch),
I would conclude that this likely is no longer a problem, and the
Foundstone scan result is a false positive. However, I've been unable to
find documented evidence that this has been fixed. Does anyone know for
sure and/or can point me to the proof?
Thanks in advance,
Darryle
--
___________________________________________________________________________
Darryle Merlette, CISSP NIKSUN, Inc.
Tel: +1 732 821-5000 x3324 http://www.niksun.com
Cel: +1 908 510-3574 1100 Cornwall Road
Fax: +1 732 821-6000 Monmouth Junction, NJ 08852 USA
"There are 10 types of people. Those who know binary, and those who
don't."
___________________________________________________________________________