HPE Community
Operating System - HP-UX
1819791 Members
3155 Online
109607 Solutions
New Discussion юеВ

pam_ssh login security issue in HP-UX

 
Harikrishnan L
Frequent Advisor

тАО08-01-2010 09:40 PM

тАО08-01-2010 09:40 PM

pam_ssh login security issue in HP-UX

HI Friends,

We are scanned our hp-unix machines(11.00,11.23 and 11.31)using Nesses tool. It gives the below security risk alert. Kindly help me to close this vulnerability.


pam_ssh Login Prompt Remote Username Enumeration

Synopsis :

The remote host is running a SSH server with an information
disclosure vulnerability.

Description :

The remote host is running a SSH server that responds differently to
login attempts depending on whether or not a valid username is
given. This is likely due to a vulnerable version of pam_ssh.
A remote attacker could use this to enumerate valid usernames,
which could be used to mount further attacks.
See also :
http://bugs.gentoo.org/show_bug.cgi?id=263579

Solution :
There is no known solution at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE :
CVE-2009-1273
BID : 34333

Other references :
Secunia:34536, OSVDB:53693

Nessus ID : 38197


0 Kudos
Reply
5 REPLIES 5
Wim Rombauts
Honored Contributor

тАО08-01-2010 10:59 PM

тАО08-01-2010 10:59 PM

Re: pam_ssh login security issue in HP-UX

Maybe you could tell us what version of ssh you are using (swlist -l product | grep -i -e pam -e ssh).

At my end, ssh reacts no differently for existing or nonexisting usernames.
0 Kudos
Reply
Kapil Jha
Honored Contributor

тАО08-01-2010 11:03 PM

тАО08-01-2010 11:03 PM

Re: pam_ssh login security issue in HP-UX

can you check if you have pam_ssh.so file in the server.
If not then probably its OK to ignore.

BR,
Kapil+

I am in this small bowl, I wane see the real world......
0 Kudos
Reply
Kapil Jha
Honored Contributor

тАО08-01-2010 11:12 PM

тАО08-01-2010 11:12 PM

Re: pam_ssh login security issue in HP-UX

whats your /etc/pam.conf says
it should be having 3 section
Account/Authentication/Password and Session Management

what does sshd line says there

from pam_hpsec(5) it seems that hpsec is the module which actually comes above all other authentication.

I do not see any specific libpam_ssh.so in my server i suppose its being handles by hpsec only.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
0 Kudos
Reply
Harikrishnan L
Frequent Advisor

тАО08-06-2010 02:04 AM

тАО08-06-2010 02:04 AM

Re: pam_ssh login security issue in HP-UX

Hi fokes,

Problem solved after installed the latest version of ssh and ssl
0 Kudos
Reply
Mick_chair
Advisor

тАО09-08-2010 06:44 AM

тАО09-08-2010 06:44 AM

Re: pam_ssh login security issue in HP-UX

Hi - Where did you get it from and what version ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.