Hello world,
I'm using an RB493 + 5.19 fw and I have the following weak-point analysis on the SSH protocol:
OpenSSH < 3.0.2 Multiple Vulnerabilities
OpenSSH < 3.1 Channel Code Off by One Remote Privilege Escalation
OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
OpenSSH < 3.4 Multiple Remote Overflows
OpenSSH < 3.6.2 Reverse DNS Lookup Bypass
OpenSSH < 3.7.1 Multiple Vulnerabilities
OpenSSH < 3.6.1p2 Multiple Vulnerabilities
OpenSSH X11 Forwarding Session Hijacking
OpenSSH < 5.2 CBC Plaintext Disclosure
OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities
OpenSSH < 2.9.9p1 Resource Limit Bypass
OpenSSH < 2.9.9p2 echo simulation Information Disclosure
OpenSSH < 3.2.3 YP Netgroups Authentication Bypass
OpenSSH With OpenPAM DoS
OpenSSH < 4.3 scp Command Line Filename Processing Command Injection
OpenSSH < 4.5 Multiple Vulnerabilities
OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass
OpenSSH < 4.9 “ForceCommand” Directive Bypass
OpenSSH < 3.0.1 Multiple Flaws
SSH Protocol Version 1 Session Key Retrieval
My questions are:
Is it possible to know the version of SSH used by the MikroTik fw? In my case it is the 5.19 fw, but in general also the next versions, 6.11 or 5.26 (all versions).
How can I solve the weak points?