Hello All,
I'm testing OpenSSH for vulnerabilities with the help of Nessus. The Nessus NASL script openssh_pam_timing.nasl is not reporting the vulnerability even for vulnerable systems. The following change in the script makes it report the vulnerabilities correctly.
Remove this:
-if ( now - then == 0 )
-{
-}
-if ( now - then >= 2 ) security_note(port);
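Review bot: The removed `if ( now - then == 0 )` is quoted with an empty `{ }` body, so these lines do not show what that test guarded or whether anything was nested inside it. Please send this as a unified diff against openssh_pam_timing.nasl with context, so it is clear whether dropping the test changes when the second login runs. Note also that the removed `if ( now - then >= 2 )` was an absolute two-second threshold; the replacement should explain why a lower, relative threshold is still safe against false positives.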
Add this:
68 ret = ssh_login(socket:soc, login:"nonexistent" + rand(), password:"n3ssus");
69 now = unixtime();
+70 inval_diff=now - then;
77 ret = ssh_login(socket:soc, login:"bin", password:"n3ssus");
78 now = unixtime();
+79 val_diff=now - then;
+80 if ( (val_diff - inval_diff) >= 1) security_note(port);
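Review bot: The comparison on line 80, `(val_diff - inval_diff) >= 1`, is made at the same granularity as the clock: `unixtime()` returns whole seconds, so two logins that take nearly the same time can still differ by 1 if one of them straddles a second boundary, and ordinary network jitter does the same. With a single sample per login that will flag hosts that are not vulnerable. I would keep a margin of at least 2 seconds between the two differences, or repeat each login a few times and compare the smallest values. The assignments to `then` are not among the quoted lines (68-69 and 77-78 only set `now`), so please confirm `then` is refreshed immediately before each `ssh_login` call; otherwise `val_diff` also includes the time spent on the first attempt and any reconnect.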
As the ssh_login for a non-existent user will take some time, checking the difference value of time to be zero is not correct.
Thanks,
Senthil Kumar.
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Jan 07 2005 - 08:55:30 PST