[Bug 1929758] Re: OpenSSH vulnerabilities

Seth Arnold 1929758 at bugs.launchpad.net
Fri May 28 19:57:16 UTC 2021 

Great, thanks Ian.

** Package changed: ubuntu => openssh (Ubuntu)

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Invalid

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1929758

Title:
  OpenSSH vulnerabilities

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Hi,

  I was using NMAP to scan my Ubuntu server and it listed some
  vulnerabilities in OpenSSH. It also came up with exploits against
  these vulnerabilities.

  On my home network, I have several computers that I use for various
  purposes; a Ubuntu 20.04 LTS computer and Kali Linux computer being
  the subject for this email. I wanted to test if I had any security
  issues on my Ubuntu computer so I was doing some scans on it from my
  Kali computer. I did a scan with NMAP and it produced some
  vulnerabilities in OpenSSH and what exploits to use. Here is some info
  on my computers and the NMAP command that I used:

  ~$ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 20.04.2 LTS
  Release:	20.04
  Codename:	focal

  ─$ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Kali
  Description:	Kali GNU/Linux Rolling
  Release:	2021.1
  Codename:	kali-rolling

  ~$ ssh -V
  OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020

  ~$ apt-cache policy ssh
  ssh:
    Installed: (none)
    Candidate: 1:8.2p1-4ubuntu0.2
    Version table:
       1:8.2p1-4ubuntu0.2 500
          500 http://ca.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
          500 http://ca.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
       1:8.2p1-4 500
          500 http://ca.archive.ubuntu.com/ubuntu focal/main amd64 Packages

  
  ─$ sudo nmap -sV --script vuln 192.168.0.10
  Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-26 17:26 PDT
  Pre-scan script results:
  | broadcast-avahi-dos: 
  |   Discovered hosts:
  |     224.0.0.251
  |   After NULL UDP avahi packet DoS (CVE-2011-1002).
  |_  Hosts are all up (not vulnerable).
  Nmap scan report for 192.168.0.10
  Host is up (0.00017s latency).
  Not shown: 995 filtered ports
  PORT    STATE  SERVICE  VERSION
  20/tcp  closed ftp-data
  21/tcp  closed ftp
  22/tcp  open   ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
  | vulners: 
  |   cpe:/a:openbsd:openssh:8.2p1: 
  |     	EDB-ID:21018	10.0	https://vulners.com/exploitdb/EDB-ID:21018	*EXPLOIT*
  |     	CVE-2001-0554	10.0	https://vulners.com/cve/CVE-2001-0554
  |     	CVE-2020-15778	6.8	https://vulners.com/cve/CVE-2020-15778
  |     	CVE-2020-12062	5.0	https://vulners.com/cve/CVE-2020-12062
  |     	CVE-2021-28041	4.6	https://vulners.com/cve/CVE-2021-28041
  |     	MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/	4.3	https://vulners.com/metasploit/MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/	*EXPLOIT*
  |     	MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/	4.3	https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/	*EXPLOIT*
  |     	MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/	4.3	https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/	*EXPLOIT*
  |     	MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/	4.3	https://vulners.com/metasploit/MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/	*EXPLOIT*
  |     	MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/	4.3	https://vulners.com/metasploit/MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/	*EXPLOIT*
  |     	CVE-2020-14145	4.3	https://vulners.com/cve/CVE-2020-14145
  |_    	MSF:AUXILIARY/SCANNER/SSH/FORTINET_BACKDOOR/	0.0	https://vulners.com/metasploit/MSF:AUXILIARY/SCANNER/SSH/FORTINET_BACKDOOR/	*EXPLOIT*
  80/tcp  open   http     Apache httpd
  |_http-csrf: Couldn't find any CSRF vulnerabilities.
  |_http-dombased-xss: Couldn't find any DOM based XSS.
  |_http-server-header: Apache
  |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  443/tcp open   ssl/http Apache httpd
  |_http-csrf: Couldn't find any CSRF vulnerabilities.
  |_http-dombased-xss: Couldn't find any DOM based XSS.
  |_http-server-header: Apache
  |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
  |_sslv2-drown: 
  MAC Address: 00:15:C5:F6:5D:94 (Dell)
  Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

  Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  Nmap done: 1 IP address (1 host up) scanned in 80.86 seconds

  Thanks,
  Ian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1929758/+subscriptions

More information about the foundations-bugs mailing list